Monday, October 24, 2016

Moving Domino from SHA1 to SHA2 without investing in a new license

Introduction

I believe everyone is aware of the SHA1 news: starting from Jan 2017, all browsers will stop supporting it, and the replacement will be SHA2. I believe a lot of IT folks might be looking into alternatives for a better mitigation for their applications.

I did perform some tests on some applications and I do have some recommendations. If you search the public internet, most of the time the advice is to use Apache or even to upgrade the software itself. But sometimes we do not have that luxury, so I intend to try it out with IIS ARR.

Here are some steps that will assist you in fixing the problem.



Step 1
First, if you are running Domino server version 8, these are the steps. You need to shut down the Domino server and turn off the HTTPS daemon. I am not a fan of Domino, therefore I cannot share the knowledge on how to do it. Once this is done, install IIS on the same machine. Once it is up, in the site bindings, delete the port 80 binding and create a new one on port 443. Remember to import a certificate. Install Application Request Routing from the following URL:
https://www.iis.net/downloads/microsoft/application-request-routing

Step 2
Once this is done, you will be able to see the Application Request Routing icon.


On the right-hand side, click on Server Proxy Settings.


Click on Enable proxy and click the Apply button on the right-hand side.



Step 3
Click on URL Rewrite and start to create your own rules. We are going to start with an inbound rule.

On the right-hand side, click on Add Rules.

Click on the inbound Blank rule and press OK. You will be required to give a name to the rule that you just created.

For the pattern, use (.*), so that whatever the user types is accepted by the proxy.

Under logical grouping, click on the Add button and type in {HTTPS} with the value on.

For the action type, remember to choose the right one: choose only Rewrite, and for the URL use http://test.domain.com/{R:1}. If you are interested in knowing more about this, you might want to visit https://www.iis.net/downloads/community/2009/12/url-rewriter-and-reverse-proxy




Step 4

We are done with our first configuration. You might want to access the application at the URL https://test.domain1.com. Everything is working as it is supposed to, but there could be some links that are still on http. How do we mitigate those? You need an outbound rule. Follow the screen below to proceed. Good luck with your next setup. Do leave your feedback here if this is helpful to you.






I suggest selecting all the content.
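
The rules from Steps 3 and 4, written out as the site-level web.config that the URL Rewrite GUI stores. This is an added example, not taken from the original post: the rule names, the tag list, the HTML precondition and the Location-header rule are assumptions, and the hostnames are the ones used in the steps above.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Site-level web.config; the ARR proxy itself is enabled at server level (Step 2). -->
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Step 3: accept any path arriving over HTTPS and forward it
             to the Domino HTTP listener behind the proxy. -->
        <rule name="DominoInbound" stopProcessing="true">
          <match url="(.*)" />
          <conditions logicalGrouping="MatchAll">
            <add input="{HTTPS}" pattern="on" />
          </conditions>
          <action type="Rewrite" url="http://test.domain.com/{R:1}" />
        </rule>
      </rules>
      <outboundRules>
        <!-- Step 4: rewrite absolute http:// links in returned HTML so the
             browser stays on the HTTPS front end ("select all the content"). -->
        <rule name="DominoOutboundLinks" preCondition="ResponseIsHtml">
          <match filterByTags="A, Area, Base, Form, Frame, Head, IFrame, Img, Input, Link, Script"
                 pattern="^http://test\.domain\.com/(.*)" />
          <action type="Rewrite" value="https://test.domain1.com/{R:1}" />
        </rule>
        <!-- Assumption: redirects issued by the back end are fixed the same way. -->
        <rule name="DominoOutboundRedirects">
          <match serverVariable="RESPONSE_Location"
                 pattern="^http://test\.domain\.com/(.*)" />
          <action type="Rewrite" value="https://test.domain1.com/{R:1}" />
        </rule>
        <preConditions>
          <!-- Only parse HTML bodies; leave images and downloads untouched. -->
          <preCondition name="ResponseIsHtml">
            <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
          </preCondition>
        </preConditions>
      </outboundRules>
    </rewrite>
  </system.webServer>
</configuration>
```

Outbound rules cannot rewrite a response body that the back end has already compressed, so the back end needs to send uncompressed responses to IIS.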


Summary
Stay tuned for my next articles. Let us know what you thought and learned, and what you hope for in the next articles! Connect with us on Google+, Twitter and Facebook.
