SSL Configuration

This section, optional, explains how to setup Nectari with a secure connection between the BI Service and the Web Server (IIS) or the Excel Add-in. The connection from the Web Server to the end user can also be secured with https, however, this is not covered here.

Prerequisites

  1. SSL certificate from a trusted source (not self-signed).
    Important

    The Excel Add-in will not work if you use a self-signed certificate.

  1. The certificate password.

Install the SSL Certificate

On the server where the BI Service is installed: (Nectari - Server - Win64.exe):

  1. Double click on the certificate.
  2. Select Local Machine and click on Next.
  3. Enter the certificate password.
  4. Select a place to store the certificate. (You may use the automate option)
  5. Click on Next then Finish.

Identify the thumbprint of the certificate

The Thumbprint is provided by the certificate. In the next step we use the information without the spaces.

Use either PowerShell or MMC to get the Thumbprint.

If you use PowerShell to retrieve the Thumbprint:

  • Open PowerShell and run the following command:
Get-ChildItem -Path Cert:\LocalMachine\My

  • Copy and paste the Thumbprint into a notepad.

If you use MMC to retrieve the Thumbprint:

  1. Open MMC (Windows key + R, enter mmc and press Enter).
  2. In the File menu, select Add/Remove Snap-ins.
  3. In the list, select Certificates and click on Add.
  4. Select Computer Account and click on Next.
  5. Select Local Computer and click on Finish.
  6. Click on OK to get back to the MMC.
  7. In the left pane, Expand Certificates.
  8. Under the Personal folder, click on the Certificates folder.
  9. Double-click to open the certificate installed previously.
  10. Go to the Details tab and find the Thumbprint field.
  11. Copy the Thumbprint and paste it into a notepad.
  12. Remove the spaces.

Reserve and bind the application port

  1. In the PowerShell window, copy and paste this command and press the Enter key:
    netsh http add urlacl url=https://+:4504/ user="EVERYONE"
Note

Where 4504 the BI Service application port is configured in this step.

The value User depends on the language of the server. For example: TODOS in Spanish and TOUT LE MONDE in French.

You can find more information here.

  1. Bind the certificate:
    1. Copy and paste this command to a notepad (the same notepad where you put the thumbprint):
      netsh http add sslcert ipport=0.0.0.0:4504 certhash=xxxxxxxxxxxxxxxxxxxxxxxxx appid={00000000-0000-0000-0000-000000000000}
    2. Replace the value of the certhash with the Thumbprint you retrieved in the previous steps.
    3. In the PowerShell window, enter netsh then press the Enter key.
    4. Enter http then press the Enter key.
    5. Paste the rest of the command line ( add sslcert... 0}) and press the Enter key.

Note

You need to break this command line like this otherwise it won't work like shown in the screen capture below.

Other Useful Commands

Show reserved ports 

netsh http show urlacl

 

Show certificate bindings 

netsh http show sslcert

 

Delete certificate binding 

netsh http delete sslcert ipport=0.0.0.0:4504

 

Delete reserved port 

netsh http delete urlacl url=https://+:4504/