SSL Configuration
This section, optional, explains how to setup SEI with a secure connection between the BI Service and the Web Server (IIS) or the Excel Add-in. The connection from the Web Server to the end user can also be secured with https, however, this is not covered here.
Prerequisites
- SSL certificate from a trusted source (not self-signed).
Important
The Excel Add-in will not work if you use a self-signed certificate.
- The certificate password.
Install the SSL Certificate
On the server where the BI Service is installed: (SEI - Server - Win64.exe):
- Double click on the certificate.
- Select Local Machine and click on Next.
- Enter the certificate password.
- Select a place to store the certificate. (You may use the automate option)
- Click on Next then Finish.
Identify the thumbprint of the certificate
The Thumbprint is provided by the certificate. In the next step we use the information without the spaces.
Use either PowerShell or MMC to get the Thumbprint.
If you use PowerShell to retrieve the Thumbprint:
- Open PowerShell and run the following command:
Get-ChildItem -Path Cert:\LocalMachine\My
- Copy and paste the Thumbprint into a notepad.
If you use MMC to retrieve the Thumbprint:
- Open MMC (Windows key + R, enter mmc and press Enter).
- In the File menu, select Add/Remove Snap-ins.
- In the list, select Certificates and click on Add.
- Select Computer Account and click on Next.
- Select Local Computer and click on Finish.
- Click on OK to get back to the MMC.
- In the left pane, Expand Certificates.
- Under the Personal folder, click on the Certificates folder.
- Double-click to open the certificate installed previously.
- Go to the Details tab and find the Thumbprint field.
- Copy the Thumbprint and paste it into a notepad.
- Remove the spaces.
Reserve and bind the application port
- In the PowerShell window, copy and paste this command and press the Enter key:
netsh http add urlacl url=https://+:4504/ user="EVERYONE"
Where 4504 the BI Service application port is configured in this step.
The value User depends on the language of the server. For example: TODOS in Spanish and TOUT LE MONDE in French.
You can find more information here.
- Bind the certificate:
- Copy and paste this command to a notepad (the same notepad where you put the thumbprint):
netsh http add sslcert ipport=0.0.0.0:4504 certhash=xxxxxxxxxxxxxxxxxxxxxxxxx appid={00000000-0000-0000-0000-000000000000}
- Replace the value of the certhash with the Thumbprint you retrieved in the previous steps.
- In the PowerShell window, enter netsh then press the Enter key.
- Enter http then press the Enter key.
- Paste the rest of the command line ( add sslcert... 0}) and press the Enter key.
- Copy and paste this command to a notepad (the same notepad where you put the thumbprint):
You need to break this command line like this otherwise it won't work like shown in the screen capture below.
Other Useful Commands
Show reserved ports
netsh http show urlacl
Show certificate bindings
netsh http show sslcert
Delete certificate binding
netsh http delete sslcert ipport=0.0.0.0:4504
Delete reserved port
netsh http delete urlacl url=https://+:4504/