You can perform all the script actions manually by following the steps below.
Version 8.5 uses IIS 7, which has its own peculiarities. You will need to bind your security certificate to ONLYOFFICE Community Server using the built-in IIS tools.
If you have a security certificate (either self-signed or issued by a third party), you can bind it to ONLYOFFICE Community Server:
- Enter the Internet Information Services (IIS) Manager.
- Select the site you need to bind the certificate to (ONLYOFFICE portal).
- Use the Bindings... option of the right-side menu to open the Site Bindings dialog window.
- In the opened window click the Add... button.
- Change the type to https and select the previously created certificate from the SSL certificate drop-down menu.
- Click OK and after that close the Site Bindings window.
After that your certificate will be bound to ONLYOFFICE Community Server. If you have more questions about certificates in IIS 7, please refer to the appropriate Microsoft knowledge base articles.
If you do not have a certificate, you can create one using Internet Information Services (IIS) Manager:
- Enter the Internet Information Services (IIS) Manager.
- Go to the server name and select it.
- Double-click the Server Certificates option of the IIS section.
- Use the Create Self-Signed Certificate option of the right-side menu to open the corresponding dialog window.
- Enter the desired certificate name and click OK.
Now you have a self-signed certificate with a one-year validity period.
Now you need to enable the rewrite rules for your server, so that it processes HTTPS requests instead of HTTP ones only. To do that:
- Enter the Internet Information Services (IIS) Manager.
- Select the site you need to enable HTTPS for.
- Use the URL Rewrite option of the right-side menu to open the URL Rewrite window.
- Find the following rules: HTTP to HTTPS and Add Strict-Transport-Security when HTTPS, and select Enable Rule for each of them in the right-side panel.
The next steps are not obligatory, but if you want to safeguard your ONLYOFFICE Community Server installation, we strongly recommend that you do it. Go to the IIS Crypto webpage. This is a free tool that gives administrators the ability to enable or disable protocols, ciphers, hashes and key exchange algorithms on Windows Server 2008, 2012 and 2016. It also lets you reorder SSL/TLS cipher suites offered by IIS, implement best practices with a single click, create custom templates and test your website. Download and run it, select Best Practices and then Apply. After that reboot your server.
Now you can check that everything has been done correctly in the following way:
- Open your portal using the https:// prefix. If it opens and works, everything is set up correctly.
- If your ONLYOFFICE Community Server is available via the internet, you can test its security using the SSL Server Test website. Enter your domain name in the Hostname field and click Submit. Wait for the results. Your security rating should be no worse than A.
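To confirm that the two rewrite rules enabled above actually take effect, you can also inspect the responses directly. The script below is an added example, not part of the ONLYOFFICE tooling; the host name portal.example.com and the sample responses are constructed placeholders.

```python
import http.client
import re
import sys
from urllib.parse import urlsplit

def check_redirect(status, headers, host):
    """Rule 'HTTP to HTTPS': port 80 must redirect to https:// on the same host."""
    target = urlsplit(headers.get("location", ""))
    if status not in (301, 302, 303, 307, 308):
        return f"HTTP answered {status} instead of redirecting"
    if target.scheme != "https" or target.hostname != host.lower():
        return f"redirect does not point to https://{host}: {headers.get('location')!r}"
    return None

def check_hsts(headers):
    """Rule 'Add Strict-Transport-Security when HTTPS': header present, max-age > 0."""
    value = headers.get("strict-transport-security")
    if value is None:
        return "Strict-Transport-Security header missing on the HTTPS response"
    match = re.search(r'max-age\s*=\s*"?(\d+)', value, re.IGNORECASE)
    if match is None or int(match.group(1)) == 0:
        return f"HSTS max-age missing or zero: {value!r}"
    return None

def audit(host, http_resp, https_resp):
    """Each response is (status, headers) with lower-case header names."""
    findings = [check_redirect(http_resp[0], http_resp[1], host),
                check_hsts(https_resp[1])]
    return [f for f in findings if f]

def fetch(host, tls):
    """GET / without following redirects; HTTPS uses default certificate checks."""
    cls = http.client.HTTPSConnection if tls else http.client.HTTPConnection
    conn = cls(host, timeout=10)
    try:
        conn.request("GET", "/")
        resp = conn.getresponse()
        return resp.status, {k.lower(): v for k, v in resp.getheaders()}
    finally:
        conn.close()

# Constructed sample responses (not captured from a real portal).
GOOD = ((301, {"location": "https://portal.example.com/"}),
        (200, {"strict-transport-security": "max-age=31536000"}))
BAD = ((200, {}), (200, {}))

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else None
    pair = (fetch(host, False), fetch(host, True)) if host else GOOD
    for finding in audit(host or "portal.example.com", *pair) or ["both rules active"]:
        print(finding)
```

Run it with your portal's host name as the only argument. With a self-signed certificate the HTTPS request fails certificate verification unless the client machine trusts that certificate.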