Description
By default, Enterprise Vault (EV) Compliance Accelerator (CA) and Discovery Accelerator (DA) servers use HTTP for all browser based traffic between the various virtual directories (such as CAReporting and DAReporting) configured in IIS. For browser communications which may contain sensitive data (such as ODATA reports), it is recommended to secure the reporting sites, thus encrypting potentially sensitive ODATA content.
A server certificate is required to be installed, and configured on the reporting virtual directory. The process is the same for both CA (CAReporting virtual directory) and DA (DAReporting virtual directory).
- Log on to the CA or DA server as the EV Service Account (VSA).
- Use Internet Information Services (IIS) Manager to generate a certificate request or to install a certificate from a trusted Certificate Authority to the server object.
- If a certificate has not been purchased from a trusted Certificate Authority, an optional process is described below which will generate a self-signed certificate valid for 5-years
- Once the certificate has been installed, expand to and click on the CAReporting or DAReporting virtual directory.
- Note that you may also perform this at the higher "Default Web Site" level to secure all communications in all virtual directories on the server, including the evbaadmin site.
- In the IIS section, double-click on "SSL Settings" as shown below, and check the "Require SSL" check-box, ignoring the client certificates, then click the "Apply" link in the Actions pane.
- Restart IIS
- Confirm that the certificate has been properly applied to the reporting virtual directory by opening a browser and navigating to the following address:
https://[CA or DA servername].[domain].com/[CAReporting or DAReporting]/OData/$metadata
- When connecting to the reporting site from a browser, the certificate will need to be trusted on the client.
To optionally generate a self-signed certificate valid for 5-years, instead of purchasing a certificate from a trusted Certificate Authority, perform the following:
- As the VSA account, open an elevated command prompt window.
- Navigate to the install directory for Enterprise Vault, typically
C:\Program Files (x86)\Enterprise Vault\
- Run the following command:
HTTPSBindingAndCertificateProvider createcertificateandbinding [servername].[domain].com 1
- Confirm using IIS Manager that a certificate named "Enterprise Vault" has been installed at the server level.
The above method will require the certificate to be installed and trusted on all browsers accessing the DA or DA site(s)