How to Enable SSL (HTTPS) Connection for HRPro Web Application Server

Securing your HRPro/EPortal Web Application Server with SSL/TLS ensures that data transmitted between users and the web server is encrypted and protected. This guide covers obtaining or creating an SSL certificate, configuring IIS to use HTTPS, and validating the secure connection.

1. Obtain or Create an SSL Certificate

   • For Production Use:

     • Obtain an SSL certificate from a trusted Certificate Authority (CA) such as DigiCert, Let’s Encrypt (free), or others.

     • You need to generate a Certificate Signing Request (CSR) in IIS, submit it to the CA, and then install the issued certificate on the server once received.

   • For Testing or Internal Use:

     • Create a self-signed certificate directly in IIS Manager.

     • How to create a self-signed certificate:

       • Open IIS Manager.

       • Select the server node (top item in the Connections pane).

       • Double-click Server Certificates in the Features view.

       • Click Create Self-Signed Certificate... in the Actions pane.

       • Enter a friendly name (e.g., "HRProTestCert") and click OK.

2. Bind the SSL Certificate to the HRPro/EPortal Website

   • Open IIS Manager.

   • In the Connections pane, expand Sites and select your HRPro/EPortal site (e.g., WebClient or EPortal).

   • In the Actions pane on the right, click Bindings...

   • Click Add... to add a new binding.

   • Under Type, select https.

   • Select the correct IP address or choose All Unassigned.

   • Set the Port to 443 (standard HTTPS port).

   • From the SSL certificate dropdown, choose the certificate you installed or created.

   • Click OK, then click Close to close the Site Bindings window.

3. Test HTTPS Access

   • Open a web browser and navigate to your HRPro site using HTTPS:

     • • https://localhost/WebClient(on the server) or

       • https://<server-ip-address>/WebClient (from other computers).

   • If using a self-signed certificate, you may get a browser warning about an untrusted certificate. You can bypass this warning for testing or install the certificate as a trusted root certificate on client machines.

4. Optionally Enforce HTTPS and Redirect HTTP to HTTPS

   • To require SSL for your website:

     • In IIS Manager, select your HRPro/EPortal site.

     • Double-click SSL Settings.

     • Check Require SSL and select Apply.

   • To automatically redirect all HTTP traffic to HTTPS, configure a URL Rewrite rule or add a redirect in your web.config file. This helps ensure all users use the secure connection.

Important References and Resources

• Microsoft official guide on setting up SSL on IIS: https://learn.microsoft.com/en-us/iis/manage/configuring-security/how-to-set-up-ssl-on-iis

• Configuring HTTPS bindings in IIS Manager: https://learn.microsoft.com/en-us/iis/manage/configuring-security/configuring-ssl-in-iis-manager

• How to enable HTTP to HTTPS redirection in IIS: https://cheapsslweb.com/resources/how-to-enable-http-to-https-in-iis

This setup ensures your HRPro Web Application Server is accessed securely, protecting sensitive employee and payroll data during transmission.