Use a Certificate from a Certification Authority to Secure the HPC Basic Profile Web Service
Applies To: Windows HPC Server 2008
You can secure the HPC Basic Profile Web Service using a certificate that is provided by an internal certification authority or from an established external service. The following procedure describes how to import, export, and bind a self-signed certificate using the Internet Information Services (IIS) Manager.
Import, export, and bind the CA certificate
You can import a certificate into the Internet Information Services (IIS) Manager in Windows Server 2008. Although IIS may be activated in order to import the certificate, the HPC Basic Profile Web Service does not use IIS for the operation of the Web service. Unless explicitly needed for other purposes on the head node, you should stop the IIS Web Server after the certificate has been generated, exported, and bound.
To import, export, and bind the CA certificate
Log on to your head node as a user with Administrator privileges.
Enable the Web Server role on the head node from the Server Manager console.
To open the Server Manager console: click Start, point to Administrative Tools, then click Server Manager.
Open the IIS Manager:
Click Start, point to Administrative Tools, then click Internet Information Services (IIS) Manager.
Import the certificate into the IIS Manager:
In the Connections pane, select the head node.
In the views pane, double-click the Server Certificates icon.
In the Actions pane, click Import.
In the Import Certificate dialog box, provide the certificate file location and the password used to secure the private key in the certificate file, then click OK.
Export the public certificate:
In the views pane, select the certificate that you created.
In the Actions pane, click View.
In the Certificates property sheet, on the Details tab, click Copy to File.
Complete the steps in the Certificate Export Wizard, selecting the option No, do not export the private key, and the format DER encoded binary X.509 (.CER).
In the Certificates property sheet, click OK.
Bind the certificate to a specific port and protocol:
In the navigation pane, expand the node for your head node, then click Sites.
In the views pane, select the Default Web Site.
In the Actions pane, click Bindings. This provides a dialog box listing the protocols for the selected Web site.
In the Site Bindings dialog box, click Add.
In the Add Site Bindings dialog box, in the Type drop-down list, select https.
In the SSL certificate drop-down list, select the certificate that you exported.
If you plan to operate the Web service on a port other than 443 (the standard for the Secure Hypertext Transfer Protocol (HTTPS) protocol), provide the new port number.
Click OK to add the site binding and return to the Site Bindings dialog box.
In the Site Bindings dialog box, click Close.
Stop the Web server:
In the navigation pane, select the head node.
In the Actions pane, click Stop.
Note
You can run the Windows PowerShell netsh http show sslcert
command to verify the binding between the certificate and the port.