SSL Configuration For The MFA Server
  • 12 Dec 2024


By default, the MFA server installation uses HTTP. HTTPS can be set up either for extra security or for PingMe authentication.


What You Will Need

  • SSL wildcard (*) certificate from a public certificate authority installed to your MFA server (for the public server and PingMe)
    -- or --
  • A self-signed certificate or one issued by your network's Certificate Authority if it's just an internal environment (internally issued certificates do not work for PingMe setups)

Check Your Version

The file paths used in this article assume that your MFA server is on v4.9.5.1 or later. If it is not, upgrading is strongly recommended. See our server upgrade information page for more information, and reach out to us with any questions it does not cover.


Part 1 - Set FQDN in all web.config files

There are 4 configuration files in the server installation path that must be updated. Each web.config file is located at:

  • C:\Program Files\Identity Automation\RapidIdentity MFA\api\
  • C:\Program Files\Identity Automation\RapidIdentity MFA\RestServices\
  • C:\Program Files\Identity Automation\RapidIdentity MFA\selfservicessite\
  • C:\Program Files\Identity Automation\RapidIdentity MFA\website\

  1. Open Notepad as an Administrator.
  2. Open any of the web.config files from the list above.
  3. In the file, find the server's current URL. This will typically be the original server name if it wasn't changed.
  4. Open the 'Replace' tool or use the keyboard shortcut Ctrl + H.
    [Screenshot: setup SSL - webConfig.png]
  5. Choose "Replace All" to update all occurrences of the HTTP URL to your new HTTPS URL. It's recommended and easiest to search for just HTTP://servername and leave the trailing forward slash off (like the Step 4 example) in both the search and the replacement.
  6. Repeat Steps 3-5 for the remaining web.config files.

Part 2 - Update IIS Bindings

  1. Open IIS.
  2. Verify that your server certificate has been installed.
  3. Expand your IIS site > Sites > Default Web Site.
  4. On the right-hand side, click Bindings...
  5. In the Site Bindings pop-up, click "Add...".
  6. In the Add Site Binding pop-up, set the following:
    a. Type: HTTPS
    b. Host name: the FQDN that was used in Part 1 for the web.config files
    c. SSL certificate: use the dropdown box to select your certificate
    d. Once you've selected your certificate, you can click "View" to see and verify the certificate's information.
  7. Close out of the IIS binding windows and perform an IIS reset.
  8. Open up your Admin Portal to verify that you're able to log in.
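
A read-only check you can run in an elevated PowerShell session after the IIS reset, added here as an example (it is not vendor-provided tooling). It confirms that the four web.config files from Part 1 no longer reference the HTTP URL and that the Part 2 binding carries an unexpired certificate covering the FQDN. `$Fqdn` and `$OldUrl` are placeholder values to replace with your own.

```powershell
# Added example, not vendor code. Makes no changes; it only reports problems.
$Fqdn   = 'mfa.example.com'      # placeholder: the FQDN used in Part 1
$OldUrl = 'http://servername'    # placeholder: the HTTP URL that was replaced
$Root   = 'C:\Program Files\Identity Automation\RapidIdentity MFA'
$issues = @()

# Part 1: every web.config must still parse as XML and contain no HTTP URL.
foreach ($dir in 'api', 'RestServices', 'selfservicessite', 'website') {
    $path = Join-Path $Root "$dir\web.config"
    if (-not (Test-Path -LiteralPath $path)) { $issues += "$path not found"; continue }
    try   { $null = [xml](Get-Content -LiteralPath $path -Raw) }
    catch { $issues += "$path is no longer well-formed XML" }
    # -SimpleMatch is a literal, case-insensitive search (also catches HTTP://...).
    foreach ($hit in (Select-String -LiteralPath $path -SimpleMatch -Pattern $OldUrl)) {
        $issues += "$path line $($hit.LineNumber) still uses $OldUrl"
    }
}

# Part 2: Default Web Site needs an HTTPS binding whose host name is the FQDN.
Import-Module WebAdministration
$bindings = @(Get-WebBinding -Name 'Default Web Site' -Protocol https |
    Where-Object { $_.bindingInformation -like "*:$Fqdn" })
if ($bindings.Count -eq 0) { $issues += "No HTTPS binding with host name $Fqdn" }

foreach ($b in $bindings) {
    # Look up the bound certificate by thumbprint in the store named by the binding.
    $cert = Get-ChildItem "Cert:\LocalMachine\$($b.certificateStoreName)" |
        Where-Object Thumbprint -eq $b.certificateHash
    if (-not $cert) { $issues += "Binding $($b.bindingInformation) has no certificate"; continue }
    if ($cert.NotAfter -lt (Get-Date)) { $issues += "Certificate expired on $($cert.NotAfter)" }
    # A wildcard (*) in a certificate name stands for exactly one DNS label.
    $covers = $cert.DnsNameList.Unicode | Where-Object {
        $Fqdn -match ('^' + [regex]::Escape($_).Replace('\*', '[^.]+') + '$')
    }
    if (-not $covers) { $issues += "Certificate names do not cover $Fqdn" }
}

if ($issues) { $issues | ForEach-Object { Write-Warning $_ } }
else         { 'All checks passed.' }
```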

Troubleshooting

If you are getting the red text error "Your request cannot be processed..." when trying to log in to the Admin Portal, see our troubleshooting article. If the suggestions there do not help, please open a ticket with us for a Support Engineer to further assist you.

