Complete Guide to Setting Up Custom Domains and SSL Certificates in MAWi

Custom Domain Names and Certificates in MAWi: A Step-by-Step Guide


1. Adding a Domain Name in Windows OS


To begin, you'll need to register your domain name with Windows. This is done using `netsh.exe` with the following command:

Info

netsh http add urlacl url=https://[YOUR_DOMAIN_NAME]:[YOUR_SERVER_SSL_PORT]/ sddl=D:(A;;GA;;;WD)


Replace `[YOUR_DOMAIN_NAME]` and `[YOUR_SERVER_SSL_PORT]` with your specific details.



2. Uploading and Installing the PFX Certificate:


For MAWi Server functionality, a certificate needs to be installed on the server machine. Follow these steps:

- Transfer your `.pfx` file (previously created) to the server machine.
- Double-click the `.pfx` file and select "Local machine" during the installation process.


  


- Enter your chosen password in the "Password" field.



- Opt for "Place all certificates in the following store", click "Browse", and select the "Personal" folder. Proceed with the installation.




Binding the Certificate for IIS Express (Manual netsh Command)


Step 1: Open Command Prompt as Administrator

Step 2: Run the following command (replace the placeholders):


Info
netsh http add sslcert ipport=[IP_ADDRESS]:44338 certhash=[CERTIFICATE_THUMBPRINT] appid={4dc3e181-e14b-4a21-b022-59fc669b0914} certstorename=MY clientcertnegotiation=enable

Step 3: Repeat the command for port 44339:


Info
netsh http add sslcert ipport=[IP_ADDRESS]:44339 certhash=[CERTIFICATE_THUMBPRINT] appid={4dc3e181-e14b-4a21-b022-59fc669b0914} certstorename=MY clientcertnegotiation=enable


Parameter Explanation:

  • [IP_ADDRESS]: Use the IP address bound to your IIS Express instance, typically 0.0.0.0 for all IPs or 127.0.0.1 for localhost.

  • [CERTIFICATE_THUMBPRINT]: The thumbprint of the SSL certificate (remove spaces).



  • 44338 and 44339: Replace or add other ports if needed.

  • appid={4dc3e181-e14b-4a21-b022-59fc669b0914}: This is a standard app ID used for IIS Express bindings.

  • certstorename=MY: Refers to the “Personal” certificate store.

 

3. Verifying the Certificate Installation:




- Open the Microsoft Management Console (MMC).
- Navigate to "File/Add/Remove Snap-in..." or use the shortcut "Ctrl+M".
- Select "Certificates", choose "Computer account", and confirm with "Local computer".
- In the MMC, under "Personal/Certificates", you should find your newly installed certificate.


 

 

4. Binding the Certificate in IIS and IIS Express:


- In IIS or IIS Express, add SSL Bindings for "MawWeb.Client" and "MawWeb.Server" sites (for non-Server OS, it’s only "MawWeb.Client").
- For the IP Address, enter your server's IP. For the Port, use the client port. Under Host name, enter your domain name, and select the recently added certificate.
- On Windows Server OS, repeat these steps for "MawWeb.Server", using recommended ports (44338 for "MawWeb.Server" and 44339 for "MawWeb.Client"). Adjust port numbers if necessary and ensure they're allowed through your firewall.

 


5. Configuring IIS Express for Windows 10/11 OS:


Notes
This step is not required if your server is installed on Windows Server OS

- Go to "C:\Program Files (x86)\Monitors AnyWhere\Web.Server\applicationHost.config".
- Locate the “MAWWEB.SERVER” site configuration and add a new HTTPS binding with your custom domain name.





Final step


Once finished, please close all "IIS Express" processes on the machine. Then, restart the "MAWI IIS Express Service".