Securing StifleR Operations with SSL

Introduction

This is a companion document to the StifleR Planning and Deployment Guide. It details the steps required to secure 2Pint Software StifleR components using SSL.

Securing StifleR is pretty straightforward, but as with anything involving Microsoft Security and Certificates, you need to get it exactly right or it just won’t play ball.

This document is intended to provide some details around this configuration and hopefully a more coherent description of setting up a certificate for self-hosting SignalR, the communication platform upon which StifleR is built.

Microsoft Configuration Manager and SSL

If you are using Microsoft System Center Configuration Manager (SCCM) and are interested in securing StifleR then it is likely that you have already secured SCCM. In this case your job is easier as you can reuse the Certificates that you have already put in place for SCCM.

What exactly do we need to secure?

A couple of areas of concern:-

The SignalR Endpoints (the StifleR Service that the Clients talk to), and the Web API which is used by the dashboards and/or scripts. See Securing the StifleR Endpoint for more info

Ports - By default, the StifleR Service listens on Port 1414 and the Dashboards on 9000. Certificates should be bound to these Ports in order to enable secure communication over these channels. See Running StifleR with SSL