SSL Configuration

This section,optional, explains how to setup Nectari with a secure connection between the BI Service and the Web Server (IIS) or the Excel Add-in. The connection from the Web Server to the end user can also be secured with https, however, this is not covered here.

Prerequisites

  1. SSL certificate from a trusted source (not self-signed).
    Important

    The Excel Add-in will not work if you use a self-signed certificate.

  1. The certificate password.

Install the SSL Certificate

On the server where the BI Service is installed: (Nectari - Server - Win64.exe):

  1. Double click on the certificate.
  2. Select Local Machine and click on Next.
  3. Enter the certificate password.
  4. Select a place to store the certificate. (You may use the automate option)
  5. Click on Next then Finish.

Identify the thumbprint of the certificate

The Thumbprint is provided by the certificate. In the next step we use the information without the spaces.

Use either PowerShell or MMC to get the Thumbprint.

Command Line

  • Open PowerShell and run the following command:
Get-ChildItem -path cert:\LocalMachine\My

Graphic Interface

  1. Open MMC (Windows key + R, enter mmc and press Enter).
  2. In the File menu, select Add/Remove Snap-ins.
  3. In the list, select Certificates and click on Add.
  4. Select Computer Account and click on Next.
  5. Select Local Computer and click on Finish.
  6. Click on OK to get back to the MMC.
  7. In the left pane, Expand Certificates.
  8. Under the Personal folder, click on the Certificates folder.
  9. Double-click to open the certificate installed previously.
  10. Go to the Details tab and find the Thumbprint field.
  11. Copy the Thumbprint and remove the spaces.

Reserve and bind the application port

  1. Reserve the desired Application Port.
netsh http add urlacl url=https://+:4504/ user="EVERYONE"

Where 4504 the BI Service application port is configured in Enter the Server Name and the Application Port to use. .

Note

The value User depends on the language of the server. For example: TODOS in Spanish and TOUT LE MONDE in French.

You can find more information here.

  1. Bind the certificate. You will need the Certificate Hash.
netsh http add sslcert ipport=0.0.0.0:4504
    certhash=afabc3fe7f3eb1ce420ba02065e57f74652d631
    appid={00000000-0000-0000-0000-000000000000}

Where 4504, the application port, is changed by the port configured for the BI Service and the value of Certhashis the Thumbprint found at the previous step.

Other Useful Commands

Show reserved ports

netsh http show urlacl

 

Show certificate bindings

netsh http show sslcert

 

Delete certificate binding

netsh http delete sslcert ipport=0.0.0.0:4504

 

Delete reserved port

netsh http delete urlacl url=https://+:4504/