How to Change your Passwordstate URL

At installation time some customers elect to customize aspects of their Passwordstate installation. By default, Passwordstate will use the Host Name of the Webserver that it is being installed on. Alternatively, you can specify a custom URL (Uniform Resource Locator) to make it easier for users to remember the system (in case they haven’t book marked it in their favourites) or simply if you want to brand your installation.

Creating an appropriate DNS Record

In order to be able to use a custom URL you will need to create a CNAME DNS entry. You should never try to use host files for name resolution as they do not work with Windows Authentication in Microsoft IIS (Internet Information Services).

In the following example I will be creating a custom URL for my “Sandpit” Passwordstate Instance. This instance is used for testing out new releases, producing the blog entries and basically familiarising myself with the functionality, new and existing, in Passwordstate. First, connect to your Windows Server hosting your DNS settings and start DNS Manager;


under Forward Lookup Zones select your Domain and create a CNAME (Canonical Name Record or Alias) as per the image below. Note your Alias name and Fully Qualified domain name (FQDN) will be different to prbpasswordstate, and the taget host is your Passwordstate web server;


Modify your IIS Bindings

Next, you’ll need to modify the bindings in IIS to match the URL that was set in DNS Manager. To do this login to the Webserver that your Passwordstate instance is hosted on and start Internet Information Services (IIS) Manager;


Under your Webserver, navigate to Sites and select Passwordstate from the Left-Hand pane. In the Right-Hand pane click on Bindings… as per the image below;


When you click on edit to supply the details it’s worthwhile ensuring you use port 443 as you’ll no longer need to append the port number to the end of your URL (your Web Browser automatically adds 443 silently to your URL making it easier to remember).

Generate a new Certificate

Next, you’ll need to create a new Certificate and there are a number of options for this;

  • The Self-Signed Certificate that Passwordstate installs 
  • An internal Certificate Authority
  • A purchased Wildcard Certificate from a Certificate Authority (best option)

If you elect not to use a purchased SSL Certificate from a Certificate Authority you can still generate a more secure certificate to use on your Passwordstate website. This will be generated by using an Internal Certificate Authority. Please see this forum post on how to first setup an Internal Certificate Authority.  Once done you can then follow these instructions on how to generate a new Certificate from your Internal Certificate Authority.

Creating a new Self-Signed Certificate is straight forward. On your Webserver, Run PowerShell ISE as an Administrator and ensure your PowerShell version is at least V 4.0. To confirm what version you are running type $host into the console and you should see a response similar to below;


Next copy the following code into your Powershell ISE console, changing the URL in the second line to be your new URL (in my example it’s prbpasswordstate.halox.net) and run the script. it will create a new Self-Signed certificate for you;

# Begin script
$URL = “prbpasswordstate.halox.net”

$PowershellVersion = $host.version.Major
 
 # Create the SSL Certificate, using different commands depending on which version of Powershell is installed.  Preferably Powershell 5, as this allows us to set a longer expiry date on the certificate
    if ($PowershellVersion -eq ‘4’)
    {
        $cert = New-SelfSignedCertificate -DnsName $URL -CertStoreLocation Cert:\LocalMachine\My    
    }
    if ($PowershellVersion -eq ‘5’)
    {
        $StartDate = ’01/01/’ + (Get-Date).Year
        $EndDate = ’01/01/’ + (Get-Date).AddYears(5).Year
        $cert = New-SelfSignedCertificate -DnsName $URL -CertStoreLocation Cert:\LocalMachine\My -FriendlyName $URL -NotBefore $StartDate -NotAfter $EndDate
    }
        
    $rootStore = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList Root, LocalMachine
    $rootStore.Open(“MaxAllowed”)
    $rootStore.Add($cert)
    $rootStore.Close()

 
 

Now navigate back to IIS, go to the bindings… for the site, double-click on the https binding, and select the new SSL certificate you’ve just created from the drop-down list and click OK;

 

Modify Passwordstate Base URL

Lastly, you’ll need to specify the new base URL to reflect the new custom URL that you’ve set. To do this open your Passwordstate instance and navigate to Administration->System Settings->Miscellaneous Tab and update your Base URL as per the image below;


Note that this URL is used for
links in the emails, permalinks etc.

That’s it for this week and as always, your feedback is welcome via
support@clickstudios.com.au.

Passwordstate One-Time Password Authenticator

A One-Time Password (OTP) is a password that is valid for only one login session or access transaction. OTPs, used as part of 2FA (Two-Factor Authentication), offer an advantage in that they're not vulnerable to replay attacks. This means a … [Continue reading]

Update to Remote Session Launchers

Passwordstate has two first-in-class Remote Access Solutions, typically referred to as Remote Session Launchers, a Browser Based Launcher and a Client Based Launcher. The Remote Session Launchers are provided as part of the core Passwordstate … [Continue reading]

Second Sneak Peek at Passwordstate Version 9

The features, optimization and stability for Passwordstate V9 is coming along a treat. This week's blog aims to tease you with a couple more features designed to make your Passwordstate related work-life easier. Settings Search Functionality The … [Continue reading]

Encryption Keys Explained

Passwordstate utilises a number of techniques to ensure the security of your password credentials. One of these is implemented automatically during installation, when two unique encryption keys are created. These encryption keys use a 256 Bit AES … [Continue reading]

Reporting When a Sensitive Password has been Viewed

As discussed in last week's blog https://www.clickstudios.com.au/blog/passwordstate-email-notifications-explained/, Passwordstate is designed to keep Security Administrators and users informed when different events take place. Building on from that, … [Continue reading]

Passwordstate Email Notifications Explained

Passwordstate is designed to keep Security Administrators and users informed when different events take place. This is achieved through a combination of audit records, real-time monitoring and email notifications. With over 50 different types of … [Continue reading]

Remote Sessions Without Knowing the Password

A key feature of Passwordstate is being able to automatically authenticate to remote hosts, without the need for specifying your authentication credentials manually. This feature can be extremely useful when utilising contract staff to assist in … [Continue reading]

Protecting your Passwordstate Website when exposing it to the Internet

One of the great advantages of Passwordstate is being able to securely provide authorized employees with access to your password credentials whilst they're out of the office. This requires your Passwordstate instance to have a connection to the … [Continue reading]

Diagnose and Fix Passthrough Authentication Issues

Passwordstate has a couple of base authentication methods, Active Directory Integrated and Forms Based Authentication. When you setup Passwordstate for the first time you can choose which of these authentication options you want to use. By default, … [Continue reading]