Configuring SSL in IIS Express

Recent Lansweeper releases automatically set up SSL for you if you install the console under IIS Express, the default web server. If you update your Lansweeper installation from an older release, SSL is automatically set up as well. You can customize your SSL setup however, by choosing a custom HTTPS port, setting up a custom certificate and/or forcing HTTPS.

To customize your SSL setup if your console is running under IIS Express (the default web server), do the following:

  1. Stop the IIS Express service in Windows Services
    stopping the web server service
  2. If you would like to change the HTTPS port chosen during your initial Lansweeper installation, open the file below with Notepad or another text editor, perform a search for bindingInformation and replace your current HTTP and HTTPS ports with custom (free) ports of your choice.
    Program Files (x86)\Lansweeper\IISexpress\iisexpress.config
    changing HTTP and HTTPS ports under IIS Express
  3. If you would like to replace the built-in SSL certificate with your own one, perform these steps:
    1. open the Windows Certificate Manager (certmgr.msc) and browse to your own certificate
    2. double-click on your certificate and open tab "Details"
    3. mark the "Thumbprint" attribute and copy its value
      Certificate Thumbprint
    4. open the following file with Notepad or another text editor, search for UseCustomSSLCertificate and set it to 1
      Program Files (x86)\Lansweeper\IISexpress\IISExpressSvc.exe.config
    5. paste the Thumbprint of your certificate into the value of CertificateThumbPrint and save the file
      IISExpressSvc configuration
    Client browsers need to trust your certificate or have it locally installed in order to open the web page on an HTTPS connection
  4. Restart the IIS Express service in Windows Services
    starting the web server service
  5. Optionally, you can have Lansweeper redirect HTTP traffic to HTTPS by ticking Force Https in the following section of the web console: Configuration\Website Access. You may need to restart the IIS Express service again to make the change take effect.
    Website Access menu
    enabling Force Https
     Old Lansweeper releases may ask you to submit the HTTPS port in the web console as well. Make sure the HTTPS port submitted in the web console matches the HTTPS port submitted in your iisexpress.config file earlier.
     Make sure HTTPS access is working properly prior to ticking Force Https. If the HTTPS port is incorrectly configured, you will lock yourself out of the web console. You can test HTTPS access by browsing to: https://<IP or name of the machine hosting your console>:<HTTPS port number>/
    Should you lock yourself out, run the following executable on the machine hosting the Lansweeper service and hit Reset Https: Program Files (x86)\Lansweeper\Service\ResetWebUserRoles.exe

Related Articles