Autodesk Vault Setting up SSL for Autodesk Vault
Contents Introduction... 3 Creating a Self-Signed Certificate... 3 How to Setup SSL on IIS... 5 Configuring the Vault Server... 7 Connectivity.ADMSConsole.exe... 7 Web.config... 7 Connectivity.WindowsService.JobDispatch.exe.config... 7 Verify SiteConfiguration.xml... 7 Configuring the Client Workstations... 7 Configuring the Vault File Server... 8 Connectivity.AVFSConsole.exe.config... 8 Web.config... 8 Connectivity.WindowsService.JobDispatch.exe.config... 8 Verify SiteConfiguration.xml... 8 2
Introduction This document is a guideline for setting up Internet Information Services (IIS) with Secure Socket Layers (SSL) to work with Autodesk Vault. This configuration provides an encrypted secure connection between Vault clients and the Vault server. When configuring SSL, you need to determine where you get a certificate for the bindings in IIS. Certificates can get generated as a self-signed certificate in IIS, an internal certificate authority (CA) or a publicly known certificate authority such as Verisign. Creating a Self-Signed Certificate 1. Select the server node in the treeview and double-click the Server Certificates feature in the listview. 2. Click Create Self-Signed Certificate... in the Actions pane. 3
3. Enter a Friendly Name and click OK. 4
How to Setup SSL on IIS 1. Start Internet Information Services, if it is not already running. 2. Expand the Sites tree and select the website that is hosting the AutodesDM Virtual Directory. In the image below, the website is Default Web Site. Select Default Web Site and click Bindings from the Actions pane. 3. Click Add and change the type to https and change the SSL Certificate to the certificate s friendly name that you installed. Click OK. 4. Click Close. 5. Start the ADMS Console, select Tools -> Administration. 6. In the Advanced tab, check the box next to Enable compatibility with SSL. Click OK. Note: If the console appears saying that SSL is not enabled, the certificate may have been issued using an FQDN instead of the NetBIOS name of the server. Continue with the steps and be sure to use the FQDN in the steps. 7. Close the ADMS Console. 5
8. Select the AutodeskDM -> Services Virtual Directory and double-click the SSL Settings button. 9. In the SSL Settings page, click the Require SSL option. 10. If you are planning to use client certificates, Click the Require option under Client certificates. If not, make sure the Ignore option is selected. 11. Click Apply from right Actions pane. 12. Repeat steps 8 11 for the AutodeskDM -> Services -> Filestore Virtual Directory. 13. Repeat steps 8 11 for the AutodeskTC Virtual Directory if you want to configure the Thin Client. 6
Configuring the Vault Server Connectivity.ADMSConsole.exe 1. Make a copy of the connectivity.admsconsole.exe.config located in the <install path>\autodesk\adms Professional 20##\ADMS Console\ directory. 2. Open the config file with Notepad. 3. Find the <system.servicemodel><client> section and edit the endpoints to https://fqdn (Fully Qualified Domain Name). There are three lines that need editing. Note: on two lines you need to remove localhost:80. 4. In the <connectivity.vaultmanager> section, change the value of IPADDRESS value from 127.0.0.1 to FQDN, change the value of SSL from 0 to 1 and change the value of value of PORT from 80 to 443 Note: Do not include HTTPS. 5. Save the configuration file. Web.config 1. Make a copy of the web.config file located in the <install path>\autodesk\adms Professional 20##\server\web\services\ directory. 2. Open the config file with NotePad. 3. Find the <system.servicemodel><client> section and edit the endpoints to https://fqdn. There are four lines that need editing. 4. Find the <connectivity.web> section and set sslrequired to true. 5. Save the configuration file. 6. Restart IIS. Connectivity.WindowsService.JobDispatch.exe.config 1. Make a copy of the Connectivity.WindowsServer.JobDispatch.exe.config file located in the <install path>\autodesk\adms Professional 20##\server\dispatch directory. 2. Open JobDispatch application configuration file with Notepad. 3. In the <System.servicemodel><client> section, change value of address from http://localhost:80 or computer name to https://fqdn 4. Save the configuration file. 5. Restart the service via Control Panel->Administrative Tools->Services.msc Verify SiteConfiguration.xml 1. Open the file C:\ProgramData\Autodesk\VaultServer\Configuration\SiteConfiguration.xml with Notepad. 2. In the <SiteConfiration> section, verify the value of Uri and secureuri reflects the https://fqdn and verify that the generateuri value is false. 3. Close or Save the configuration file. Configuring the Client Workstations Perform the following on the machine connecting to the Vault Server. You may only need to perform step 2 or 3 depending on how the certificate was exported. Installing the Certificate (CA) 1. Launch the MMC -> Add Certificates Snap-in for Local Machine. 2. Import %CA_NAME%.pfx to the Certificates (Local Computer) -> Trusted Root Certification Authority location. 3. Import %CA_NAME%.crl to the Certificates (Local Computer) -> Trusted Root Certification Authority location. The import(s) should be successful. 7
Configuring the Vault File Server Follow the same steps in the Creating a Self-signed Certificate section above. Also, follow the steps in the How to Setup SSL on IIS section above excluding setting SSL on the FileStore folder. Connectivity.AVFSConsole.exe.config 1. Make a copy of the connectivity.avfsconsole.exe.config located in the <install path>\autodesk\vault File Server 20##\AVFS Console\ directory. 2. Open the config file with Notepad. 3. Find the <system.servicemodel><client> section and edit the endpoints to https://fqdn (Fully Qualified Domain Name). There are two lines that need editing. 4. Save the configuration file Web.config 1. Make a copy of the web.config file located in the <install path>\autodesk\vault File Server 20##\server\web\services\ directory. 2. Open the config file with NotePad. 3. Find the <system.servicemodel><client> section and edit the endpoints to https://fqdn. There are two lines that need editing. 4. Find the <connectivity.web> section and set sslrequired to true. 5. Save the configuration file. 6. Restart IIS. Connectivity.WindowsService.JobDispatch.exe.config 1. Make a copy of the Connectivity.WindowsServer.JobDispatch.exe.config file located in the <install path>\autodesk\vault File Server 20##\server\dispatch directory. 2. Open JobDispatch application configuration file with Notepad. 3. In the <System.servicemodel><client> section, change value of address from http://localhost:80 or computer name to https://fqdn 4. Save the configuration file. 5. Restart the service via Control Panel->Administrative Tools->Services.msc Verify SiteConfiguration.xml 1. Open the file C:\ProgramData\Autodesk\VaultServer\Configuration\SiteConfiguration.xml with Notepad. 2. In the <SiteConfiration> Filestore section, edit the value of Uri and secureuri reflects the https://fqdn and verify that the generateuri value is false. 3. In the <SiteConfiration> DataManager section, verify the value of Uri and secureuri reflects the https://fqdn and verify that the generateuri value is false. Note: Launch the AVFS Console and connect to the remove Vault Server before reviewing this section. This section should be updated automatically after it is configured. 4. Close or Save the configuration file. Autodesk [and other products] are registered trademarks or trademarks of Autodesk, Inc., and/or its subsidiaries and/or affiliates in the USA and/or other countries. All other brand names, product names, or trademarks belong to their respective holders. Autodesk reserves the right to alter product and services offerings, and specifications and pricing at any time without notice, and is not responsible for typographical or graphical errors that may appear in this document. 2016 Autodesk, Inc. All rights reserved. 8