Changing a licensed SendPro Enterprise instance from HTTP to HTTPS
This article applies to licensed SendPro Enterprise users only, not subscribers. If you are a subscriber, your SendPro Enterprise is hosted in the Pitney Bowes cloud with the address https://name.sendproenterprise.com, where "name" is your organization's unique value. If you are a licensed user, your SendPro Enterprise is not hosted in the Pitney Bowes cloud.
Beginning with version 8.45, SendPro Enterprise prohibits HTTP implementations; all instances must use HTTPS. These instructions describe changing an existing HTTP instance of SendPro Enterprise to use HTTPS. It is highly recommended that instances below 8.45 are first configured for HTTPS before they are upgraded.
- Step 1: Create Self-Signed Certificates
- Step 2: Import Certificates into Trusted Root Certification Authorities
- Step 3: Prepare SendPro Enterprise Components
- Step 4: Configure SendPro Enterprise
- Step 5: Update Site Binding
- Step 6: Update Workstations
Step 1: Create Self-Signed Certificates
Ignore this section if certificates will be provided by a CA. It is crucial, however, that each certificate issuer value matches exactly the hostname for the matching instance.
- Open SendPro Enterprise Setup (Instance Manager).
- Navigate to SendPro Enterprise Instances.
- Record the hostname value in the Binding Settings section for each instance.
- Navigate to HubCapp Instances.
- Record the hostname value in the Binding Settings section for each instance.
- Close SendPro Enterprise Setup.
- Run Powershell as an administrator.
- For each certificate to be created, execute the command below, making certain to replace [SPEhostname] and [HubCapphostname] with the hostname values of the instances for which the certificate is being created.
Important: The values must exactly match the hostname values of the SendPro Enterprise and HubCapp instances shown in SendPro Enterprise Setup.
New-SelfSignedCertificate -DnsName "[SPEhostname]", "[HubCapphostname]" -Subject "CN=[SPEhostname], CN=[HubCapphostname]" -KeyAlgorithm RSA -KeyLength 2048 -CertStoreLocation "Cert:\LocalMachine\My" -NotAfter (Get-Date).AddYears(10)
- In Windows Search, start typing Manage Computer Certificates, then select it from the search results.
- Navigate to Certificates - Local Computer > Personal > Certificates.
- Export each certificate that you created in step 8:
- Right-click on the certificate.
- Select All Tasks > Export.
- Select Next.
- Select No, do not export the private key.
- Select Next.
- Select DER encoded binaryX.509 (.CER).
- Select Next.
- Select Browse to specify a name and location in which to store the file. Keep this information for later.
- Select Save.
- Select Next.
- Select Finish.
- Select OK at the confirmation prompt.
Step 2: Import Certificates into Trusted Root Certification Authorities
- In Manage Computer Certificates, navigate to Trusted Root Certification Authorities > Certificates.
- Repeat the following for each certificate that you exported earlier:
- Select Action > All Tasks > Import.
- Select Next.
- Select Browse. Locate and select the certificate to be imported.
- Select Open.
- Select Next.
- Select Place all certificates in the following store: Trusted Root Certification Authorities.
- Select Next.
- Select Finish.
- Select OK at the confirmation prompt.
Step 3: Prepare SendPro Enterprise Components
- Open a text editor (Notepad, Notepad++, etc.) as an administrator.
- Assuming the default installation path, open C:\ProgramData\SendPro Enterprise Setup\Server Configuration.xml.
- Using the editor's search and replace tool, search for each occurrence of <UseSSLBinding>false</UseSSLBinding> and replace it with <UseSSLBinding>true</UseSSLBinding>.
- Save and close the file.
- Assuming the default installation path, open C:\Program Files (x86)\SendPro Enterprise Installation\Instance Manager.ps1.
- Using the editor's search and replace tool, search for each occurrence of $AddSSLCertToWebBinding.AddSslCertificate($thumbprint, $storage); and replace it with #$AddSSLCertToWebBinding.AddSslCertificate($thumbprint, $storage);.
- Save and close the file.
- Close the text editor.
Step 4: Configure SendPro Enterprise
- Open SendPro Enterprise Setup.
- For each instance of SendPro Enterprise and HubCapp:
- Navigate to the instance.
- Expand the SSL Certificate section.
- In Windows Search, start typing Manage Computer Certificates, then select it from the search results.
- Double-click the certificate for the matching instance to view the Properties window.
- Select the Details tab.
- Select Issuer.
- Highlight the Issuer value, ignoring "CN = ", and copy it to the clipboard.
- Return to SendPro Enterprise Setup.
- Paste the Issuer that you copied from the certificate into the Issued By field. Confirm that the value matches exactly the instance's hostname value.
- Return to the certificate Properties window.
- Select Serial Number.
- Highlight the Serial Number value and copy it to the clipboard.
- Return to SendPro Enterprise Setup.
- Paste the Serial Number that you copied from the certificate into the Serial Number field.
- If multiple certificates are being used, set Require Server Name Indication to True.
- For Storage, enter My.
- Once all settings are applied, select File > Save.
- Select Install > Run Now.
- When the message Installation complete appears, close SendPro Enterprise Setup.
Step 5: Update Site Binding
- In Windows Search, start typing Internet Information Services (IIS) Manager, then select it from the search results.
- For each SendPro Enterprise and HubCapp instance, complete the following:
- Navigate to and select the instance site so that it is highlighted in the Sites folder.
- In the Actions > Edit Site section of the right panel, select Bindings.
- Select the https record shown.
- Select Edit.
- Select the appropriate certificate from the SSL Certificate menu.
- Select OK.
- Select Close.
- Close Internet Information Services (IIS) Manager.
Step 6: Update Workstations
Each computer that needs to access the SendPro Enterprise or HubCapp instances must have the corresponding certificates imported into that computer's Trusted Root Certification Authorities folder. Perform step 2 of these instructions on each affected workstation.
UPDATED: January 19, 2022