To enable SSL encryption and allow network communication with your Rendition Server, first add your SSL server certificates to the ManagingNodeConfig.user.xml file located in the installation path C:\Program Files\Foxit\Rendition Server.
Look for the <network> node, uncomment it, and add the serial number of the certificate:
<!--
<network>
<authorization>
...
</authorization>
<certificate subjectName="" subjectDistinguishedName="" serialNumber="" />
<bindings>
...
</bindings>
</network>
-->
The serial number must be entered exactly as it is displayed in the certificate dialog box of the Microsoft Management Console, but without spaces. If you have not yet done this step, start by adding the certificate to the computer store:
Click on Start and type MMC
Click on File → Add/Remove Snap-in → On the left side select Certificates → click on Add → Select Computer account → Next → Finish, click on OK
Now we are in the certificate store
On the left side, expand Certificates (Local Computer) → click on Personal → Certificates → right-click in the right pane → click on All Tasks → Import
Leave the option "Local Machine" → then click on Next
Browse and look for the certificate file
Make sure to select the right file extension; not every certificate file has the same one
Once you find the right certificate file, select it → click on Next and type the password for the private key. Do not forget to put a tick on <Mark this key as exportable>
Place the certificate in the "Personal" certificate store, Next.
And then click on Finish once the new dialog appears
You should get a message that the certificate was imported successfully
Now we need to make the certificate trusted
On the left side, click on "Trusted Root Certification Authorities" → then Certificates.
At the end of the list, right-click → "All Tasks" → Import → Next → Browse and select the certificate file → Type the password → Mark the key as exportable → Click on Next until Finish → Notification about successful import should appear
To double-check that the certificate is trusted, switch to Personal → Certificates and open it
On the tab Certification Path the following message should be displayed:
Now we need the serial number
Open the tab Details and check for it → Copy and paste the serial number in the file ManagingNodeConfig.user.xml in the node <certificate> for the parameter serialNumber displayed at the beginning of this article
At the end of the list there is a Thumbprint, and we need this number too; keep it in your clipboard
At Subject Alternative Name you can check the name for which computers the certificate was defined. The Common Names (CN) of the certificates should be set to the fully qualified domain names of the Managing Node servers.
Now open the command line and add the binding for the certificate on port 14713 with the netsh statement, replacing the certhash value with the certificate thumbprint
netsh http add sslcert ipport=0.0.0.0:14713 certhash=c44c91e9e70eb57b679db05dcb62fdfd6931fd9e "appid={25f5b4de-6670-42e4-8180-8c4cddf9e7f3}"
and then bind the certificate with port 14714
netsh http add sslcert ipport=0.0.0.0:14714 certhash=c44c91e9e70eb57b679db05dcb62fdfd6931fd9e "appid={25f5b4de-6670-42e4-8180-8c4cddf9e7f3}"
If you get this error message
Then check first whether an old certificate is bound to the same port
netsh http show sslcert
If that's the case, delete it and bind the new one again
netsh http delete sslcert ipport=0.0.0.0:<Port>
netsh http add sslcert ipport=0.0.0.0:14714 certhash=c44c91e9e70eb57b679db05dcb62fdfd6931fd9e "appid={25f5b4de-6670-42e4-8180-8c4cddf9e7f3}"
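The checks from this article can also be run in one pass from an elevated PowerShell prompt. The script below is an added example, not part of the original article or of Foxit's tooling; the subject string in $SubjectMatch is a placeholder, and the XPath lookup assumes the <certificate> node has already been uncommented.

```powershell
# Added example (not Foxit's code). Run in an elevated PowerShell prompt.
$SubjectMatch = 'rendition.example.com'   # placeholder: part of your certificate's subject
$ConfigPath   = 'C:\Program Files\Foxit\Rendition Server\ManagingNodeConfig.user.xml'
$Ports        = 14713, 14714              # ports bound in this article

# Newest matching certificate in the computer's Personal store
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*$SubjectMatch*" } |
    Sort-Object -Property NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw "No certificate matching '$SubjectMatch' in LocalMachine\My" }

# Subject Alternative Name extension (OID 2.5.29.17), if the certificate has one
$san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }

[pscustomobject]@{
    Subject       = $cert.Subject
    SerialNumber  = $cert.SerialNumber   # hex without spaces: value for serialNumber=""
    Thumbprint    = $cert.Thumbprint     # hex without spaces: value for certhash=
    HasPrivateKey = $cert.HasPrivateKey
    NotAfter      = $cert.NotAfter
    SAN           = if ($san) { $san.Format($false) } else { '(none)' }
} | Format-List

if (-not $cert.HasPrivateKey) { Write-Warning 'Certificate has no private key; an HTTPS binding needs one.' }
if ($cert.NotAfter -lt (Get-Date)) { Write-Warning 'Certificate has expired.' }

# Compare the serialNumber attribute in the config file with the certificate
$hit = Select-Xml -Path $ConfigPath -XPath "//*[local-name()='certificate']" |
    Select-Object -First 1
if (-not $hit) {
    Write-Warning 'No <certificate> node found; is <network> still commented out?'
} else {
    $configured = $hit.Node.GetAttribute('serialNumber')
    if ($configured -eq $cert.SerialNumber) {
        'Config serialNumber matches the certificate.'
    } else {
        Write-Warning "Config serialNumber '$configured' differs from '$($cert.SerialNumber)'"
    }
}

# Compare each port binding with the thumbprint (a SHA-1 hash is 40 hex digits)
foreach ($port in $Ports) {
    $out = netsh http show sslcert "ipport=0.0.0.0:$port" | Out-String
    if ($out -match '[0-9A-Fa-f]{40}') {
        $state = if ($Matches[0] -eq $cert.Thumbprint) { 'this certificate' } else { 'a DIFFERENT certificate' }
        "Port ${port}: bound to $state ($($Matches[0]))"
    } else { "Port ${port}: no binding found" }
}
```

A port reported as bound to a different certificate is the case where the old binding has to be deleted before the new one is added.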