can't setup Microsoft IIS with Board 14 Web Server until the end

Arnaud Villemain
Arnaud Villemain Active Partner
Fourth Anniversary 10 Comments 5 Likes 5 Up Votes
edited May 31 in Platform

Hello,

I have installed Board 14 (Server + IIS WebHTML5) last version 14.1.0.0.150177 on a virtual machine hosted in an Azure subscription.

I would like to publish Board under IIS WebHTML5 Website to allow users to access to the Board applications hosted in this virtual machine. I followed the tutorial (last update May 16th, 2024):

I am stuck between step 8 and 9 of IIS Configuration.

I have done all configuration until step 8, restarted the virtual machine. After this i try to reach the website from my local PC's browser (so, this is not the virtual machine) and get this:
"website is not reachable"

so the current configuration doesn't make my Board web IIS Server visible from the outside :(

Can someone help me find the error i did?

here my configurations on the remote virtual machine:

  1. Board Server is installed
  2. The Board web folder has the needed access for user IIS_IUSRS
  3. The website bindings are as in the tutorial:
  4. the SSL certificate creation went well as documented in the tutorial
  5. I have updated the file App_Data\config\appSettings.config

Therefore i don't understand why the link to (fake hier but almost the same) https://bXXXXXXXXXX.westeurope.cloudapp.azure.com/ doesn't work from remote… 🤔

Many thanks in advance for your advices.

Tagged:

Accepted Answer

  • Arnaud Villemain
    Arnaud Villemain Active Partner
    Fourth Anniversary 10 Comments 5 Likes 5 Up Votes
    edited June 6 Answer ✓

    After having opened the ticket, i had two solving sessions with the Board support and i found two issues:

    1. i hadn't allowed the port 443 (inbound) on my virtual machine which is the Board server 🙈
    2. i used the powershell script (to create the certificates) without adapting it 🙈 to my own web server . This cannot work, especially this row: -DnsName b14.local `

    now i can access from a local machine to the remote Board server machine through the browser.

    Since i learned a few thing, please find below some more information:

    A) More details regarding certificates

    is not done so that it creates a trusted certificate from a trusted certificate authority (CA). A trusted certificate from a trusted certificate authority (CA) always costs money to be created and used.

    The script is done to create a self-created certificate (which is free of charge 💰️), one the Board server machine, which is by definition not a worldwide trusted certificate authority. This is fine for my use case (my Board server is for prototyping and demos) where the certificate trust is not a major topic).

    When i call the website, the browser shows that the connection is not safe:

    which in other words means "the certificate creator is unknown, therefore untrustworthy, therefore unsafe".

    In my case i know the certificate creator 😉and i can click on "takes the risk and access to the website" shown in the browser.

    💡 If you want to mask this "unsafe" hint in the browser, you can go to the browser configuration → certificates and from there install the .pfx file of the self created certificate. After closing and reopening the browser, the "unsafe" hint disappears.

    B) Suggestions for the instructions how-to-setup-microsoft-iis-with-board-14-web-server

    @Product Management Team

    @Andrea Mo

    I would suggest these small improvements for the instructions (i mean the how-to article of the community):

    1. add a new step between steps 4 and 5 called: "check port 443" with two subpoints:
      1. "check on your server machine that the firewall has an inbound rule opening the port 443.
      2. If your machine is managed within a cloud environment, e.g. Microsoft Azure, check there as well if an inbound rule exists which opens the port 443"
    2. modify the formatting of the powershell script to help "newbies" to create certificates, in particular by formatting bold the parameters that must be adjusted to each specific case. I suggest this:

    Let us assume that the future Board web server can be reached from a browser by calling this URL: https://myBoardWebsite.com

    below is an example based on latest version of PowerShell creating a certificate which has to be used in an IIS Microsoft server binding.

    A few comments regarding the script:

    • you must run all the script in one row, not in separated pieces (because of the used variables $rootCA, $siteCert, and others $…
    • the script first create the self-signed certificate b14CA which will be the certificate authority
    • Then it creates the certificate which will be used in the Microsoft IIS Server binding. In our example we can call it myBoardWebsite.com(check the attributes Subject and DnsName there and adapt them to your own website URL name)
    • the last part exports the certificate in .cer and .pfx file formats and then install them on the server machine. You may need them also for the local browsers of external computers accessing to https://myBoardWebsite.com so that they don't show "certificate is unsafe" anymore. (check the filenames *.cer and *.pfx there and adapt them to your own website URL name, change the password values YourPassword!)

    Write-Host "Generating certificates"
    $rootCA = New-SelfSignedCertificate -Subject "CN=b14CA"  `
    -CertStoreLocation "cert:\LocalMachine\My"  `
    -KeyExportPolicy Exportable  `
    -KeyUsage CertSign,CRLSign,DigitalSignature  `
    -KeyLength 4096  `
    -KeyUsageProperty All  `
    -KeyAlgorithm 'RSA'  `
    -HashAlgorithm 'SHA256'  `
    -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider"  `
    -NotAfter (Get-Date).AddYears(30)
    $siteCert = New-SelfSignedCertificate -Subject "CN=myBoardWebsite.com"  `
    -Signer $rootCA  `
    -KeyLength 2048  `
    -CertStoreLocation "cert:\LocalMachine\My"  `
    -KeyExportPolicy Exportable  `
    -KeyUsage DigitalSignature,KeyEncipherment  `
    -DnsName myBoardWebsite.com  `
    -KeyAlgorithm 'RSA'  `
    -HashAlgorithm 'SHA256'  `
    -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider"  `
    -NotAfter (Get-Date).AddYears(30)
    
    # Export Root Certificate to .pfx and .cer files
    $CertPassword = ConvertTo-SecureString -String "YourPassword!" -Force -AsPlainText
    Export-PfxCertificate -Cert $rootCA -FilePath ".\b14ca.pfx" -Password $CertPassword
    Export-Certificate -Cert $rootCA -FilePath ".\b14ca.cer"
    $siteCertPwd = ConvertTo-SecureString -String "YourPassword!" -Force -AsPlainText
    Export-PfxCertificate -Cert $siteCert -FilePath ".\myBoardWebsite.pfx" -Password $siteCertPwd
    Export-Certificate -Cert $siteCert -FilePath ".\myBoardWebsite.cer"
    $Pass = ConvertTo-SecureString -String 'YourPassword!' -Force -AsPlainText
    Import-PfxCertificate -FilePath ".\b14ca.pfx" -CertStoreLocation Cert:\LocalMachine\Root -Password $Pass
    Import-PfxCertificate -FilePath ".\myBoardWebsite.pfx" -CertStoreLocation Cert:\LocalMachine\My -Password $Pass
    
    
    

    if you like, you could update the community article with these suggestions.

Answers