Securing StifleR Operations with SSL

Introduction

This is a companion document to the StifleR Planning and Deployment Guide. It details the steps required to secure 2Pint Software StifleR components using SSL.

Securing StifleR is pretty straightforward, but as with anything involving Microsoft Security and Certificates, you need to get it exactly right or it just won’t play ball.

This document is intended to provide some details around this configuration and hopefully a more coherent description of setting up a certificate for self-hosting SignalR, the communication platform upon which StifleR is built.

Microsoft Configuration Manager and SSL

If you are using Microsoft System Center Configuration Manager (SCCM) and are interested in securing StifleR then it is likely that you have already secured SCCM. In this case your job is easier as you can reuse the Certificates that you have already put in place for SCCM.

If you haven’t yet secured SCCM then please refer to Appendix B where there is a full set of instructions on how to set this up before securing StifleR.

The same steps can be used to secure a StifleR Server deployment (the same Web Server Certificate can be used)

What exactly do we need to secure?

A couple of areas of concern:-

The SignalR Endpoint (the StifleR Service that the Clients talk to), and the Web API which is used by the dashboards and/or scripts.

Ports - By default, the StifleR Service listens on Port 1414 and the Dashboards on 9000. Certificates should be bound to these Ports in order to enable secure communication over these channels.