By Oskar Lindberg, Content Studio Web Architect

Conceptually, achieving a secure SSL connection for the Content Studio (CS) Administration web should not be an overwhelming task, but getting the Web View to work without prompting for approving "unsecured" content and a second log in may appear to be tricky at first glance. This article will describe how to go about the task.

The second option described below involves creating two separate webs on the Internet Information Services (IIS) and configuring one for http access and one for https. While this may seem an overly complicated solution, it may still prove useful under certain circumstances to have the webs separated. If this is your preferred alternative, jump straight to section two.

For most situations, however, the first alternative described below is recommended. In any case, before getting started, please make sure that the SSL certificate to be used is installed correctly on your Internet Information Services (IIS). If needed, refer to the IIS documentation for further instructions. (Any visual references made below apply to a standard Windows Server 2003 installation.)

Note
The procedure for configuring Windows Server 2008 (code name Longhorn) is radically different from the procedure below, since IIS has been rebuilt. Additionally, the client operating systems, such as Windows XP and Vista, only support one Web site, making these instructions applicable to server systems only.

First alternative, using only one Web Site

  1. Open the Internet Information Services (IIS) Manager and right-click the Content Studio (CS) web site you wish to configure for SSL encrypted communication, and then select Properties.
  2. Click the Directory Security tab and then the button labeled Server Certificate…
  3. Add your certificate to the web by following the instructions. Make sure that the port used for SSL connection (443 by default) is not occupied by any other web site. Please refer to your IIS documentation for further details.
  4. Click the Edit… button under Authentication and access control. Make sure all the settings are the way you need them to be – i.e. if it is a public web site, the Enable anonymous access check box should be ticked.
  5. Also, the Authentication access configuration must be in sync between the web site in general and the CS application, which is to be configured in the next steps. For the purpose of securing basic authentication using SSL for the CS administrative web, that means that you should tick the Basic authentication (password is sent in clear text) check box. Click the Yes button when presented with a warning dialog (though feel free to read it through first). No other check boxes in the Authentication access field should be ticked.
  6. Click OK, and then OK again to apply your configuration and close the dialogs.
  7. You may be presented with additional dialogs that concern the inheritance of your settings. All the configuration needed is described in the following steps, so it will be OK to ignore these dialogs.
  8. Now, expand the CS web site folder and right-click the CS application – the cog wheel by the default name of "cs" – and select Properties.
  9. Click the Directory Security tab, and then the Edit… button in the Secure communications field.
  10. Tick the Require secure channel (SSL) check box, and if appropriate, the Require 128-bit encryption check box as well. Please refer to your IIS documentation for further details.
  11. Click OK to close the dialog.
  12. Click the Edit… button in the Authentication and access control field.
  13. Make sure that the Enable anonymous access check box is NOT ticked, and that the Basic authentication check box IS. No other check boxes in the Authentication access field should be ticked.
  14. Click OK, and then OK again to apply your configuration and close the dialogs.
  15. It may be necessary to restart the IIS to get all your configurations to apply immediately, by right-clicking the local computer icon on the IIS and selecting All Tasks/Restart IIS… If you feel certain your actions will not interfere with anyone, it is recommended that you do this. When this step is completed, you may close the IIS Manager.
  16. Now, run the CS Site Content Manager, located under Start/Programs/Content Studio v5.0 folder. Select the web site in question and click the Site Settings… button.
  17. Click the URL and Multi Homing tab.
  18. In the following steps, it is of vital importance that you get the order right. The https URLs must be the base of the CS configuration in order for the Web View to work hassle free. Also note that your specific setup may require you to name things slightly differently.
  19. In the URL to site field, type "https://mysite/", where "mysite" should be replaced by whatever is appropriate for your setup.
  20. In the URL to admin site field, type "https://mysite/cs", where again "mysite" should be replaced by whatever is appropriate for your setup, and where "/cs" is the default path, but may be something else in your setup.
  21. Make sure that you leave all Multi homed related fields blank.
  22. Click the Apply button, followed by the OK button, and then the Exit button to exit the Site Content Manager.
  23. Log on to CS admin and right-click the site root in the Web Tree and select Properties…, then click the Restart website button to renew all CS settings, including those applicable to using https for all communications through the Web View, as now configured through the Site Content Manager in earlier steps.
  24. Do not forget to check and try all your configurations thoroughly to make sure the results are satisfactory.

This configuration also makes it possible to choose secured SSL communication for a selected part of the public web, simply by constructing links using the https protocol.
Be aware that the automatically generated JavaScript variables AdminURL and SiteURL, which are available on each page, will contain the https URLs, and that some of the standard CS AS components may be utilizing those. Also, any CS Edit Template brought out of the CS administrative interface to the web will still require an SSL secured connection.

Second alternative, using two web sites

  1. Open the Internet Information Services (IIS) Manager and right-click the web site you wish to duplicate, and then select All tasks/Save Configuration to a File… Follow the procedure through.
  2. Right-click the Web Sites folder and select New/Web Site (from file)… Browse for the file created in step one, and follow the procedure through. This should create a duplicate web site on the IIS, with all the same settings as the original, and pointing to the same file directories on the server.
  3. It is suggested that you name the webs according to their respective function, i. e. "My Webb Secure" for the SSL configured web, to avoid confusion. Also, make sure the sites do not collide on the same port, or with any other web site, by specifying at least one specific host header (see the IIS documentation for further instructions on how to do this). Remember that this may apply to the port configured for SSL connections (443 by default) as well.
  4. Right-click the web folder of the site intended to run CS admin through SSL, and select Properties… (Please note that in the following few steps, the configuration of authentication protocols etc. for your specific setup may require you to do things slightly differently than described.)
  5. Click the Directory Security tab, and then the Edit… button in the Secure communications field.
  6. Tick the Require secure channel (SSL) check box, and if appropriate, the Require 128-bit encryption check box as well. Please refer to your IIS documentation for further details.
  7. Click OK to close the dialog.
  8. Click the Edit… button in the Authentication and access control field.
  9. Make sure that the Enable anonymous access check box is NOT ticked, and that the Basic authentication check box IS. No other check boxes in the Authentication access field should be ticked.
  10. Click OK, and then OK again to apply your changes and close the dialogs.
  11. You may be presented with additional dialogs that concern the inheritance of your settings. All the configuration needed is described in the following steps, so it will be OK to ignore these dialogs.
  12. Now, expand the CS web site folder and right-click the CS application – the cog wheel by the default name of "cs" – and select Properties.
  13. Click the Edit… button under Authentication and access control. Make sure that all the settings here match those you made for the web folder exactly, that is that the Enable anonymous access check box is NOT ticked, and that the Basic authentication check box IS. No other check boxes in the Authentication access field should be ticked.
  14. Click OK, and then OK again to apply your changes and close the dialogs.
  15. Now remove the CS application, default name "cs", from the "unsecured" web site (the cog wheel inside the web site folder). This is to make completely sure that the CS admin interface will no longer be accessible through an unsecured connection, e. g. http. Provided that you had an operational CS web before starting, no further configuration of the "unsecured" web should be required.
  16. It may be necessary to restart the IIS to get all your configurations to apply immediately, by right-clicking the local computer icon on the IIS and selecting All Tasks/Restart IIS… If you feel certain your actions will not interfere with anyone, it is recommended that you do this. When this step is completed, you may close the IIS Manager.
  17. Now, run the CS Site Content Manager, located under Start/Programs/Content Studio v5.0 folder. Select the web site in question and click the Site Settings… button.
  18. Click the URL and Multi Homing tab.
  19. In the next few steps you will configure the URL settings for both your webs. It is not necessary to set a value for an unsecured admin URL, although even if you do, nothing will respond to it since you removed the CS application in step 15. It is recommended that you leave this field blank when completing these steps.
  20. In the first two fields, "URL to site" and "URL to admin site", set the complete, absolute URLs for either the http or https web site pair (i. e. "http://mysite/" and "http://mysite/cs").
  21. In the third and fourth field respectively, "Multi homed site URL" and "Multi homed admin URL", set the URLs for whichever pair you did not use in the previous step, e. g. if you already set the http URL pair, now set the https URL pair (i. e. "https://mysite/" and "https://mysite/cs"). Setting these URLs in pairs like this will ensure that whenever you are on the CS admin web (e. g. logged on to CS), if you access the Web View CS will be able to browse your web using https.
  22. Click the Apply button, followed by the OK button, and then the Exit button to exit the Site Content Manager.
  23. Log on to CS admin and right-click the site root in the Web Tree and select Properties…, then click the Restart website button to renew all CS settings, including those applicable to using https for all communications through the Web View, as now configured through the Site Content Manager in earlier steps.
  24. Do not forget to check and try all your configurations thoroughly to make sure the results are satisfactory.

This alternative makes it possible to address either one of the web sites depending on your needs. However, it will require different URLs for configuring the host headers on the IIS, unless Default Website is available.
If the CS application is removed in step 15 above, again any CS Edit Template brought out of the CS administrative interface to the web will still require an SSL secured connection. Also, the same concerns as in the single-web solution may apply to the automatically generated JavaScript variables AdminURL and SiteURL (see above).
In both cases, please take this opportunity to also revise your DisplaySiteUrlData setting for the web. Setting it to something other than "0" (zero) may be advisable, depending on the requirements of your solution.
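
One way to carry out the final "check and try" step of either alternative, as an added example that is not part of the original article or of Content Studio: it sends one unauthenticated request to the admin path over http and one over https and compares the answers with the settings ticked above. The host "mysite" and path "/cs/" follow the article's placeholders, the rule that plain http must neither serve the admin pages nor ask for credentials is this example's reading of the Require secure channel and Basic authentication steps, and the sample results are constructed.

```python
import http.client
import ssl

def probe(scheme, host, path, timeout=5):
    """One unauthenticated GET; returns (status, list of WWW-Authenticate values)."""
    if scheme == "https":
        conn = http.client.HTTPSConnection(host, timeout=timeout,
                                           context=ssl.create_default_context())
    else:
        conn = http.client.HTTPConnection(host, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.headers.get_all("WWW-Authenticate") or []
    finally:
        conn.close()

def schemes(challenges):
    """Lower-cased authentication scheme names from WWW-Authenticate values."""
    return {c.split()[0].lower() for c in challenges if c.strip()}

def audit_admin(http_result, https_result):
    """Compare both probes of the admin path with the settings in the steps above."""
    findings = []
    status, offered = http_result[0], schemes(http_result[1])
    if 200 <= status < 300:
        findings.append("http: admin content served without SSL")
    if status == 401 or offered:
        findings.append("http: credentials requested without SSL: %s" % sorted(offered))
    status, offered = https_result[0], schemes(https_result[1])
    if 200 <= status < 300:
        findings.append("https: anonymous access is still enabled on the admin application")
    elif status != 401:
        findings.append("https: unexpected status %d" % status)
    elif "basic" not in offered:
        findings.append("https: Basic authentication is not offered")
    elif offered != {"basic"}:
        findings.append("https: extra schemes enabled: %s" % sorted(offered - {"basic"}))
    return findings

# Constructed sample results, not captured from a real server.
GOOD = ((403, []), (401, ['Basic realm="mysite"']))
BAD = ((401, ['Basic realm="mysite"']), (401, ["Negotiate", "NTLM", 'Basic realm="mysite"']))

if __name__ == "__main__":
    import sys
    host, path = sys.argv[1], sys.argv[2]      # e.g. mysite /cs/
    for line in audit_admin(probe("http", host, path), probe("https", host, path)) or ["ok"]:
        print(line)
```

An empty result means plain http is refused (403 in the single-site setup, or 404 once the application is removed from the unsecured site) and https answers with a Basic challenge only.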