Securing StifleR Operations with SSL

Introduction

This document provides guidance on how to secure StifleR communications with SSL.

Securing StifleR is pretty straightforward, but as with anything involving Microsoft Security and Certificates, you need to get it exactly right or it just won’t play ball.

This document is intended to provide some details around this configuration and hopefully a more coherent description of setting up a certificate for self-hosting SignalR, the communication platform upon which StifleR is built.

What exactly do we need to secure?

A couple of areas of concern:

• SignalR Endpoints (the StifleR Service that the Clients talk to), and the Web API which is used by the dashboards and/or scripts. See Securing the StifleR Endpoint for more info.

• Ports - By default, the StifleR Service listens on Port 1414 and the Dashboards on 9000. Certificates should be bound to these Ports in order to enable secure communication over these channels. See Running SignalR with SSL.