Monthly Archives: November 2020

Setup HSTS and rewrite for IIS 8 and .NET

Posted on by
Reply

For your .NET Website, this is the simple way below, just update your web.config with the following:


<system.webServer>
    <httpProtocol>
      <customHeaders>
        <add name="Strict-Transport-Security" value="max-age=31536000" />
      </customHeaders>
    </httpProtocol>
    <rewrite>
      <rules>
        <rule name="HTTPS force" enabled="true" stopProcessing="true">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTPS}" pattern="^OFF$" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</system.webServer>

If you want to do it with IIS 8

  • Open IIS 8
  • Click “Add Rule(s)”
  • Blank rule
  • Name: HSTS Redirect
  • Requested URL: Matches the Pattern
  • Using: Regular Expressions
  • Pattern: (.*)
  • Ignore case: Checked

Conditions

  • Logical grouping: Match all
  • Click “Add”
  • Condition input: {HTTPS}
  • Check if input string: Matches the Pattern
  • Pattern: ^OFF$
  • Ignore case: Checked

Action

  • Action type: Redirect
  • Redirect URL: https://{HTTP_HOST}/{R:1}
  • Append query string: Checked
  • Redirect type: Permanent (301)

How to Setup Free SSL on your website in IIS 8

Posted on by
Reply

The Site I used for this example is https://www.sslforfree.com/

  • Create an account
    • This will let you create 3 free 90 day CERTS
  • Click New Certificate
  • Enter your domain:
    • www.reynoldtech.com
  • Select 90-Day Certificate
  • Auto-Generate CSR
  • Select the Free Plan

Your Certificate has been created

  • Email it to yourself
    • Must be admin email
  • Click Verify Domain
    • Email will be sent to your admin
    • This may take a few minutes
  • Copy the Verification Key from email
  • Go To Verification Page from email
  • Paste in the Verification Code
  • Certificate will be Issued
    • You will get a notification email
  • Click the Install Certificate link from the email

Download Certificate

  • This is a zip file with the following:
    • ca_bundle.crt
    • certificate.crt
    • private.key

We need to convert this to PFX/PKCS#12 so that IIS 8 can read this.

  • Go to: https://sslshopper.com/ssl-converter.html
    • Certificate File to Convert: certificate.crt
    • Type of Current Certificate: Standard PEM
    • Type To Convert To: PFX/PKCS#12
    • Private Key File: private.key
    • Chain Certificate File: ca_bundle.crt
  • Click “Convert Certificate”
  • You will download “certificate.pfx”

Upload all 4 files to your webserver that runs IIS

  • ca_bundle.crt
  • certificate.crt
  • certificate.pfx
  • private.key

On your webserver

  • Right-click: ca_bundle.crt
  • Install Certificate
    • Local Machine
    • Automatically select the certificate store based on the type of certificate
    • Next/Finish

Start IIS 8 Manager

  • Click Your Server
  • Open “Server Certificates”
  • Click “Complete Certificate Request”
    • File name containing the certification authority’s response: certificate.pfx
    • Fill in Friendly Name: www ReynoldTech yyyy-mm-dd
    • You can delete the old one later…
    • Select a certificate store for the new certificate: Personal
  • Navigate to “Sites”
  • Select your website
  • Click “Bindings”
    • If you are renewing, just select the new SSL certificate (Edit)
    • Add
      • Type: https
      • IP address: All Unassigned
      • Port: 443
      • Host name: www.reynoldtech.com
      • Check: Require Server Name Indication
      • SSL certificate: www ReynoldTech yyyy-mm-dd
  • Restart your website
  • Your website is now secure:
  • If this was a certificate renewal, you can now revoke your old certificate on ZeroSSL or just let it expire

Notes, Refences, and Special Thanks

Next Logical step is to set up a permanent redirect, see this:
https://www.reynoldtech.com/setup-hsts-and-rewrite-for-iis-8-and-net/

This is for most of the IIS setup, but won’t work unless you convert to pfx first:
https://www.godaddy.com/help/manually-install-an-ssl-certificate-on-my-iis-8-server-4951

This YouTube video helped me: (Note, this is in Vietnamese I think, but I was able to follow on how to convert to pfx)
https://www.youtube.com/watch?v=l1j7QBFE32s

Connecting to SQL Server after installation

Posted on by
Reply

After installing SQL Server, you will need to configure it so you can connect.

Open SQL Server Configuration Manager

SQL Server Network Configuration:

Protocols for YOURINSTANCENAME
TCP/IP: Enabled

Restart YOURINSTANCENAME

SQL Server Network Configuration:

Protocols
TCP/IP
IP Addresses
TCP Port: 9999 (your chosen port)

Create a Firewall Rule for the port:

Name it something like SQLServer 9999 TCP

Your connection to this new instance from SQL Server Management Studio will be:

yourdomain.com\YOURINSTANCENAME,9999