Password Server v2.5 fails when not using an SSL binding in IIS.
During the installation the Base URL is configured using server-name or localhost.
The following error is then displayed.
Reviewing "AAPSSetupLog.txt" usually located in "C:\Program Files\Scorpion Software\AAPS_Setup_V25\" shows the following error.
~ CreateThirdPartySSOCert() Got client cert.
~ CreateThirdPartySSOCert() Service URL set to: https://localhost/AAPS/AAPS.svc
~ CreateThirdPartySSOCert() Failed . Could not establish trust relationship for the SSL/TLS secure channel with authority 'localhost'.
Installation will fail because there is no SSL certificate configured. As of Password Server v2.5 the use of SSL is now a requirement. You need a valid SSL certificate and HTTPS binding in IIS.
Check the Base URL entered. if you have an SSL certificate configured in IIS then modify the Base URL to reflect that SSL binding during the installation.
If you do not have an SSL certificate setup you will need to Configure an SSL Certificate in IIS.
We recommend using a trusted public CA – such as Verisign, Inc – to obtain the certificate. This solution is particularly good if you want to enable secure communications for authentication agents over the public Internet, where your AuthAnvil Password Server will be exposed publicly.
To enable SSL for the AuthAnvil Password Server website after you have a certificate installed in IIS, follow these steps:
- Launch the IIS Manager, and expand “Sites”.
- Click on the website where the AuthAnvil Password Server will be installed and click “Bindings…” under the actions menu.
- Click “Add…”
- Change the type from “http” to “https”, set your IP address and port, and chose a certificate from the “SSL certificate” dropdown menu.
- Click “OK” and then “Close” to apply the binding.
- Install the Password server using this new SSL binding.
For more information about setting up SSL in IIS see this guide from Microsoft http://www.iis.net/learn/manage/configuring-security/how-to-set-up-ssl-on-iis
Password Server v2.5 and newer unless otherwise posted.