MS Partner logo

How to configure IIS to use HTTPs for the GFI MailArchiver configuration.

The information in this article applies to:

  • GFI MailArchiver for Exchange 3
  • GFI MailArchiver for Exchange 4
  • GFI MailArchiver for Exchange 5
  • GFI MailArchiver for Exchange 6

Article ID: KBID002670

Query keywords: HTTPs, Secure

Configuring IIS to use HTTPs will provide a secure connection to the GFI MailArchiver interface. This may be required by some organizations, especially if GFI MailArchiver is accessed from the internet.


More Information:

Follow this procedure to configure IIS to use a secure connection: 

IIS 7

Ensure that you have configured a Server Certificate which will be used for HTTPs communication. You can configure this from the following:

  1. Open Internet Information Services (IIS) Manager
  2. Click on the Server
  3. In the left pane, click on 'Server Certificates' under 'IIS'
  4. Create a new certificate, or attach to an existing certificate.

Ensure that there is a HTTPs binding for the web server hosting the GFI MailArchiver website:

  1. Open Internet Information Services (IIS) Manager
  2. Expand the Server > 'Sites'
  3. Right Click on the 'Default Web Site' (Which is hosting the GFI MailArchiver website by default) and select 'Edit Bindings'
  4. Ensure that the 'https' binding is created, if not click on the 'Add...' button and add a new 'https' type binding. Click 'OK' to create the binding.

Enforce SSL communication on the GFI MailArchiver virtual directory:

  1. Open Internet Information Services (IIS) Manager
  2. Expand the Server > 'Sites' > 'Default Web Site'
  3. Click on the 'MailArchiver' node.
  4. In the left pane, click on 'SSL Settings' under 'IIS'
  5. Tick the options 'Require SSL' and 'Require 128-bit SSL'

IIS 6

  1. Open the Internet Information Services (IIS) Manager. 
  2. Browse to Websites.  
  3. Right click on the website used by GFI MailArchiver  and select ‘Properties’ - by default, the ‘Default Web Site’ is used. 
  4. From the ‘Directory Security’ tab select ‘Server Certificate’. 
  5. Follow the IIS certificate wizard to create a new certificate, or attach to an existing certificate.
  6. Click OK to close the 'Default Web Site' properties. 
  7. Under ‘Default Web Site’ select the ‘MailArchiver' virtual directory. 
  8. Right click and select ‘Properties’.
  9. Select the ‘Directory Security’ tab and in the ‘Secure Communications’ section click ‘Edit’. 
  10. Check ‘Require secure channel (SSL)’ and ‘Require 128-bit encryption’.
  11. Ensure that in the ‘Client Certificates’ section, ‘Ignore client certificates’ is selected. 
  12. Click 'OK' to close the 'Secure Communications' window. 
  13. Click 'OK' to close the MailArchiver Virtual Directory Properties.

The following will explain how to change the GFI MailArchiver shortcuts to use HTTPs:

  1. Browse to the GFI MailArchiver folder <...\GFI\MailArchiver>.
     
  2. Locate the Internet Shortcut ‘GFIMailArchiver.url’.
     
  3. Edit the properties of the shortcut to point to ‘https://<IP of GFI MailArchiver machine>:<port>/MailArchiver/sc.htm’
    Example, change: 
    http://192.168.1.1/MailArchiver/sc.htm
    To:
    https://192.168.1.1:443/MailArchiver/sc.htm
     
  4. Locate the Internet Shortcut ‘GFIMailArchiverConfig.url’ 
     
  5. Edit the properties of the shortcut to point to ‘https://<IP of GFI MailArchiver machine>:<port>/MailArchiver/Configuration/sc.htm’
    Example, change: 
    http://192.168.1.1/MailArchiver/Configuration/sc.htm
    To:
    https://192.168.1.1:443/MailArchiver/Configuration/sc.htm

Note:

  • Ensure that the HTTP SSL service is running. By default, the Startup Type for this service is set to Manual. From the properties of the services, change the Startup Type to Automatic and start the service.
  • If GFI MailArchiver is installed using Role-based Deployment, the above procedure must be done on the User Interface and Administration role.