Adding/Renewing an SSL Certificate for Portal 4.5

Pre-requisites:

- Administrative access to your Doc.It server and Mobile Gateway (Portal) server
- Access to your Certificate Authority (e.g. GoDaddy, DigiCert) for ordering/downloading new certificates

Overview:

Doc.It Portal 4.5 requires a minimum 2048-bit Multi-SAN/Multi-Domain or Wildcard SSL certificate from a trusted Certificate Authority. This certificate must be installed on both the Doc.It Server and the Mobile Gateway (Portal) server, in the Personal Store of the Local Machine Certificate Store. Once installed, it must then be bound in IIS on the relevant sites on both servers, as well as to the Doc.It Bridge service itself, via a .JSON config file.

This article covers generating a Certificate Signing Request (CSR) to upload to your Certificate Authority when ordering or renewing the SSL certificate, installing the resulting certificate on both servers, and finally binding it to the sites in IIS and to the Bridge service via the JSON config.

Generating the CSR and completing the certificate

How you generate the CSR depends on the type of certificate you need. Completing it also differs slightly, but the fundamentals are the same: the CSR is sent to the Certificate Authority, and the CA responds with a matching certificate package that is installed in the Local Machine Certificate Store.

A wildcard certificate secures any subdomain of [yourdomain.com] and has a Common Name (main domain name) in the form of *.yourdomain.com. You can generate this CSR in IIS. For steps on how to complete a wildcard certificate installation, click here.

A multi-SAN/Multi-Domain CSR is a little trickier to generate as the Windows tools are not as intuitive. For the two subdomains needed to secure the portal (typically portal.yourdomain.com and docitserver.yourdomain.com), you can use our Certificate Tool to generate the CSR. For steps on how to complete a Multi-SAN/Multi-Domain certificate installation, click here.

Installing the same Certificate on the Mobile Gateway (Portal) Server

To install the certificate you created on the Portal server, you must export a .pfx certificate containing the private key, copy it to the Portal Server and import it into the Personal Store of the Local Machine. If you've generated a multi-SAN/multi-domain certificate using Doc.It Certificate Tools, you already have the .pfx file ready. In that case you will be importing that file twice: once into the Personal Store of your Doc.It Server, and once in the same location on your Portal Server.

For instructions on how to import a .pfx certificate, click here.
For instructions on how to export a .pfx certificate, click here.

Binding the Certificates in IIS

Once the completed certificates are installed in the Personal Certificate Store of both the Doc.It and Portal servers, you can bind them to the sites in IIS. To bind a certificate to a website in IIS, select the site, and click Bindings on the right panel. Select the HTTPS binding and click Edit. Select the new SSL certificate from the dropdown. You can also click View to inspect the properties and ensure they are correct. Click OK when done.


Required Bindings:

On the Doc.It server, select the Portal website, and bind your new certificate to the HTTPS binding.
On the Portal server, select the Mobile Gateway website, and bind your new certificate to the HTTPS binding.

Note: It is recommended that other HTTPS bindings on the server be removed if not in use, even if the website is stopped.

Binding the Certificate to the Bridge Service

You will need the thumbprint of your new certificate. You can obtain this on the certificate's Details tab. Copy this value.

On the Doc.It server open Notepad as administrator and within it, open the following file: C:\Doc.It Inc\DocIT Portal 4.5\Bridge\appsettings.Production.json

Paste the copied thumbprint in the SSlBindingThumbPrint property, overwriting the previous entry. Ensure nothing else is modified (do not overwrite a quotation mark). Save the file.


Now restart the Doc.It Bridge service from Services.msc. Optionally, run the command iisreset from an elevated command prompt on both servers.

The certificate installation is complete. Test your portal externally, including logging in and uploading a file. You should see no errors.
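
A check that can be run on the Doc.It server after saving the file, added here as an example and not part of Doc.It's own tooling: it reads the thumbprint from the Bridge config and confirms that a matching certificate is in the Local Machine Personal store with a private key, an RSA key of at least 2048 bits, and the expected host names. The two host names are the typical values mentioned above and are placeholders for your own.

```powershell
# Added example: run in an elevated PowerShell session on the Doc.It server.
# Config path and property name come from this article; host names are placeholders.
$configPath    = 'C:\Doc.It Inc\DocIT Portal 4.5\Bridge\appsettings.Production.json'
$expectedNames = @('portal.yourdomain.com', 'docitserver.yourdomain.com')

function Test-NameCovered([string]$HostName, [string[]]$CertNames) {
    foreach ($n in $CertNames) {
        if ($n -eq $HostName) { return $true }
        # A wildcard entry (*.yourdomain.com) covers exactly one extra label.
        if ($n.StartsWith('*.') -and $HostName.Contains('.') -and
            $HostName.Substring($HostName.IndexOf('.')) -eq $n.Substring(1)) { return $true }
    }
    return $false
}

# Read the property without assuming where it sits in the JSON hierarchy.
$raw = Get-Content -LiteralPath $configPath -Raw
if ($raw -notmatch '"SSlBindingThumbPrint"\s*:\s*"([^"]*)"') {
    throw "SSlBindingThumbPrint not found in $configPath"
}
$configured = $Matches[1]

# A pasted value can carry spaces or an invisible character; compare hex digits only.
$clean = ($configured -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($clean.Length -ne $configured.Length) {
    Write-Warning 'Configured thumbprint contains non-hex characters; re-enter it.'
}

$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $clean }
if (-not $cert) { throw "No certificate with thumbprint $clean in Cert:\LocalMachine\My" }

$rsa   = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
$names = @($cert.DnsNameList | ForEach-Object { $_.Unicode })

[pscustomobject]@{
    Thumbprint    = $cert.Thumbprint
    HasPrivateKey = $cert.HasPrivateKey      # a TLS binding needs the private key
    Expired       = (Get-Date) -gt $cert.NotAfter
    NotAfter      = $cert.NotAfter
    KeyBits       = if ($rsa) { $rsa.KeySize } else { 'non-RSA key' }
    MeetsMinimum  = [bool]($rsa -and $rsa.KeySize -ge 2048)
    MissingNames  = @($expectedNames | Where-Object { -not (Test-NameCovered $_ $names) })
}
```

A healthy result shows HasPrivateKey and MeetsMinimum as True, Expired as False, and an empty MissingNames list.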