DESCRIPTION:

Instructions for enabling SSL in SnapStream's implementation of IIS Express. These instructions apply to SnapStream Express, Pro and SBE customers. SnapStream Enterprise customers should follow instructions for Enabling SSL in IIS used by SnapStream.

NOTE: If you are replacing a current certificate, use the instructions in 2.2 instead of 2.1.

ARTICLE:

There will be several parts to this process, installing your SSL certificate and locating your Thumbprint hash code and then configuring Enterprise TV to use it.

Table of Contents

1. Installing an SSL Certificate and getting your thumbprint hash code.
   
   1. Using a localhost certificate.
   2. Using your own SSL Certificate.
2. Configuring the SnapStream interface
3. Testing

1: Installing an SSL Certificate and getting your thumbprint hash code.

1.1 - Getting your Thumbprint hash code for a Localhost Certificate.

1. Click (or right-click) Start => Run and enter the command "mmc.exe."

2. The Console window will appear. Click on File => Add/Remove Snap In => Add. Select Certificates and click Add. 

3. On the next screen, select the Computer Account. Click Next and then Finish. 

4. Close the Add Standalone Snap-in window and then click OK.

5.  Under Console Root, an entry should appear for Certificates (Local Computer). Click on the plus sign to expand the listings, then click on the plus sign next to Personal to expand it and select Certificates. In the right window you will see the certificate. 

6. Double click on the certificate in the right window and it should bring up the Certificate dialog window. Click on the Details tab and scroll down. Find the entry for Thumbprint and select it. This is the Thumbprint hashcode that identifies your new certificate. Copy the text of this entry to notepad and remove all the spaces between the sets in the hashcode. 

For example, if the code looks like this: 6c d8 7c b7 92 dc e6 b6 c3 ac 83 1e b3 64 8d 46 ec 94 c6 33 
You want it to look like this: 6cd87cb792dce6b6c3ac831eb3648d46ec94c633 

1.2 - Installing your own SSL Certificate and getting a Thumbprint hash code.

1. Click (or right-click) Start => Run and enter the command mmc.exe.

2. The Console window will appear. Click on File => Add/Remove Snap In => Add. Select Certificates and click Add. 

3. On the next screen, select the Computer Account. Click Next and then Finish. 

4. Close the Add Standalone Snap-in window and then click Ok to the Add/Remove Snap-in window.

5.Under Console Root, an entry should appear for Certificates (Local Computer). Click on the plus sign to expand the listings, then click on the plus sign next to Personal to expand it. Hover over All Tasks and click on Import. The Certificate Import Wizard should appear. Click Next.

6. On the File to Import window, click on Browse and locate your certificate. You will want to import the "Personal Information Exchange" (pfx) file of your certificate. Please make sure you know the password to your certificate or the have key file that accompanies your certificate. After selecting the pfx file, click Next and it will prompt you for your password. If you have a key file, click Next. Otherwise, enter the password for the certificate and click Next. 

7. On the Certificate Store window, select "Place all certificates in the following store" and select Personal. Click Finish and OK to finish the import. 

8. Now in the Console window under Personal should be a Certificates folder. Your certificate should be listed here. 

9. Double click on your certificate in the right window to open the Certificate dialog. On the General tab, verify at the bottom that the private key is present; you should see a message that says "You have a private key that corresponds to this certificate." Click on the Details tab and scroll down. Find the entry for Thumbprint and select it. This is the Thumbprint hashcode that identifies your new certificate. Copy the text of this entry to notepad and remove all the spaces between the sets in the hashcode. 

For example, if the code looks like this: 6c d8 7c b7 92 dc e6 b6 c3 ac 83 1e b3 64 8d 46 ec 94 c6 33 
You want it to look like this: 6cd87cb792dce6b6c3ac831eb3648d46ec94c633 

2 - Configuring SnapStream

PLEASE NOTE- these steps will interrupt any active recordings.

2.1: Installing a new certificate (not replacement)

1. Click (or right-click) Start => Run and enter the command "services.msc." The Services window should appear. 

2. Scroll down in the window and select SnapStream IIS Express Wrapper. Click Stop. 

3. Once the service is stopped, download httpcfg from this link and unzip it into the root directory of the C drive.

4. Open a command-line window. (Start=> Run=> cmd)

5. Enter the following commands:

cd\

httpcfg set ssl -i 0.0.0.0:443 -h XXXX where XXXX is the thumbprint hash code from the last step of part 1 above.

If you receive anything other than the value 0 after entering the command you will need to execute Part 2.2.

6. Return to the Services window and restart the SnapStream IIS Express Wrapper service.

2.2: Replacing your current SSL certificate in IIS Express.

If you are not able to bind a new certificate using our instructions above, follow these steps: 

1. Open (elevated) command prompt, and enter the following command:

httpcfg.exe query ssl

This will show you what is currently bound. 

2. Delete the entry that is currently bound using the following syntax.

httpcfg.exe delete ssl -i 0.0.0.0:port -h <thumbprint hash>

3. Now bind your desired certificate

4. Run this command:

httpcfg.exe set ssl /i 0.0.0.0:443 -h <thumbprint hash> (refer to section 1B to find your thumbprint hash)

5. Once you've completed these steps, move on to part 3. 

3 - Testing

Open a web browser and connect to the Enterprise TV Web Interface using https. You should be able to connect and login without any issues.

Make sure that client systems, can playback content. If client systems run into problems with playing back content specifically, it may be necessary to adjust the Machine Name in the SnapStream software to match the FQDN that the certificate was issued to (for example SnapStream-DVR vs SnapStream-DVR.mydomain.com).

The Machine Name in the SnapStream software can be adjusted by signing into the SnapStream WebUI > Admin > Machine (under Settings on the left).  Adjust the Machine Name to the FQDN that the cert was issued to.  Then click save and try playback again.

If desired, users can be forced to use an HTTPS connection using the Web Redirect settings, on the Miscellaneous Settings page of the SnapStream interface.  This can be accessed by signing into the SnapStream WebUI > Admin > Misc. (under settings on the left). 

If you need further assistance, please submit a ticket to technical support.