Enabling HTTPS in FotoWeb
First off, you need to configure FotoWeb to use the HTTPS protocol. This is done in the FotoWeb configuration on the Settings tab under Site | Identification
Switch the protocol to https. The port number changes to 443.
When configuring https for FotoWeb running on an Apache server, the only allowed port is 443.
Other port numbers are not supported.
Secure communications using Apache web server
When running FotoWeb on the embedded Apache web server, a self-signed certificate is installed during the site setup. You can also obtain a certificate from a trusted provider and place the certificate file in C:\ProgramData\FotoWare\FotoWeb\Site Settings\YOURSITE\Configuration.
Important: The certificate MUST be called YOURSITE.crt, where YOURSITE is the name of your site.
Certificate chain files
When using the embedded Apache web server, it is possible to use a certificate chain file in addition to your own certificate files.
The certificate chain file has to be called YOURSITE.chain.crt and must be placed in the “Configuration” folder of your site, e.g., C:\ProgramData\FotoWare\FotoWeb\Site Settings\YOURSITE\Configuration, together with your other certificate files.
If you add or remove a certificate chain file for a site, you have to restart FotoWeb for the change to take effect.
Important note on ports when using Apache web server
When Apache is used to host the FotoWeb server, both ports 80 and 443 must be available to FotoWeb, whether http or https has been chosen. Notifications will be seen in the Operations Center log if either of these ports are blocked by other applications.
Software that can lay claim to these ports include:
- Skype (port 443). Can be disabled in Skype settings.
- VMWare Workstation (port 443). Can be disabled in VMWare settings (“Shared VMs”).
- Microsoft SQLServer Monitor (port 80 or 443? Disable if service is not needed)
- Microsoft WWW Publishing Service (port 80?. Disable if service is not needed; typically seen on development machines only)
- IIS (port 80 and/or 443. Stop or uninstall if not needed. Change bindings on default home page to something other than port 80/443 if possible)
How to find out manually which processes are using port 80 or 443
- Run “netstat –ba” to see process IDs of processes listening on various ports
- Run “netsh http show service” to see services running under the system process (such as IIS) that listen on various ports
- Open http://localhost:80 / https://localhost:443 in the browser to get a clue about the application that is responding. Maybe use Fiddler to get more clues from HTTP headers, or run “telnet localhost 80” (443).
Enabling secure communications in IIS 7 - Windows Server 2008
In IIS 7 you should start by installing the server certificate before you set up the https binding to the website:
Creating or installing a server certificate
- Open the IIS Manager and click on the local computer. Then double-click the Server Certificates feature under IIS.
- If you have received a server certificate from a provider, click on Import in the Actions panel to the right.
To create a self-signed certificate, click on Create Self-Signed Certificate... and follow the instructions given.
Adding secure communications to the site
- In the IIS Manager, expand the Sites node and right-click on the site you want to modify.
- Select Edit Bindings from the context menu.
- Click on Add and choose https with port number 443.
- Also choose the certificate you want to use for the connection. You can choose the certificate you imported in a previous step or a self-signed certificate.