You are here: Setup > Advanced Configuration > SSL Certificates

SSL Certificates

This topic explains how to generate a certificate request and install SSL certificates on MEDIAL to enable authenticated, secure HTTP connections.

Warning: To use SSL, the MEDIAL websites must be running on separate IP addresses. This is necessary because the certificate will be used as the host header for the sites. If both sites are using the same IP address, a port conflict will make it impossible to start them both. For details about assigning IP addresses to sites, refer to Bind IP Addresses.

Create a Certificate Request

The certificate request provides information about your organization that the certificate signing authority uses to generate the certificates.

1. Open IIS by clicking on the Windows icon —.

2. Type Internet Information Services and click the IIS Manager when it appears.

3. Expand the main node and double-click Server Certificate.

4. From the right-hand options, choose Create Certificate Request…

5. In the first page of the wizard, fill out the details of your organization and click Next.

Tip: The common name should be the fully qualified domain name of the site. If you are generating a wildcard certificate request, enter only the institution's domain, such as domain.ac.uk.

6. Leave the Cryptographic service provider set to the default value, but change Bit length to at least 2048 bits. Click Next.

7. Save the certificate request to disk and click Finish.

8. If the certificate request uses a wildcard for the domain, you need only the single request file. If the certificate request was for a specific site only, repeat the process for the other MEDIAL site.

Complete the Certificate Request

When you have generated one or more certificate requests as needed, submit them to your preferred certificate signing authority. Once the certificate request has been fulfilled by the authority, complete the certificate request in IIS.

1. In IIS, select the main server node and double-click Server Certificates.

2. From the options on the right side, choose Complete Certificate Request…

3. Locate the certificate and give it a friendly name that allows you to identify the certificate easily. Click OK.

4. If this is a wildcard, the certificate can be used for both MEDIAL sites. Repeat the process if you have another certificate to add for the upload site.

Apply the Certificates

1. Expand the server node in IIS. Expand the sites node and click on the MEDIAL site.

2. On the right side click Bindings…

3. Click Add.

4. Add the site binding, selecting the correct IP address from the site. Choose the certificate from the SSL certificate drop-down box. If your certificate is a wildcard one, enter the FQDN of the site in the Host name box. Click OK.

5. Click Close on the Site Binding window and repeat the process for the upload site.

Require SSL Access

Once you have obtained and applied the certificates, it is recommended that you enforce the use of secure HTTP for all HTTP connections.

1. In IIS, click SSL Settings for the site.

2. Check the Require SSL box.

Note: If you have existing links to MEDIAL content that use standard HTTP, you can leave the Require SSL box unchecked to keep these links working.

3. Repeat for the second site as needed.

Change URL References

If you are enforcing secure access, update the MEDIAL base URLs to use HTTPS rather than HTTP.

1. Log into MEDIAL as administrator and navigate to the administrator site. Click Settings.

2. Expand the URL References accordion and change the front-end and upload site URLs from http to https. Click Save at the bottom of the screen.

Warning: Do not change the MEDIAL URLs for RTSP and RTMP. Doing so will prevent streaming playback.

 

Copyright © 2017 Streaming Ltd