Enable Internet Information Services (IIS) for Vault Installation

It is important to verify some basic system requirements. One of these requirements is the IIS application. Internet Information Services (IIS) Manager enables you to configure, control, and troubleshoot IIS and ASP.NET. Ensure that IIS is running and accurately configured and is using SSL for the default website.

To install Vault, you must have IIS on your web server with a minimum set of required features.

Note that, in general, an existing web server installation already has the features enabled you need to use Vault. Otherwise, you can use the Windows Server Manager to add IIS and the required related web platform technologies to your server instance. Verify installation of the required features, as generally described below.

Note: Depending on your server version, the Server Manager user interface may appear differently than the screen shots below.

  1. Start the Server Manager. Go to Manage and select Add Roles and Features.

 

  1. Next, choose your server, and then select Server Roles from the left-hand menu. You are making this server an IIS server.

    The specific set of roles needed are detailed for you in the following sections.

 

 

IIS Roles - Common HTTP Features

  1. Add the Web Server roles and associated features. Verify that each set of features contained in the overarching web server role is correctly enabled.

     

     

    IIS Roles - Common HTTP Features

    • Verify that the correct Common HTTP Features are enabled.
    • Note that you do not need HTTP Redirection unless you are setting up SSL on your site and wish to forward non-secure requests to your secure site.

     

     

    IIS Roles - Common HTTP Features

    • Verify that the Health and Diagnostics feature indicates that HTTP Logging is selected.

     

     

    IIS Roles - Common HTTP Features

    • Verify that the Performance feature indicates that Static Content Compression is selected.

     

     

    IIS Roles - Common HTTP Features

    • Verify that the following three Security features are selected: Request Filtering, Basic Authentication, and Windows Authentication.

     

     

    IIS Roles - Common HTTP Features

    • Verify that the following Application Development features are selected: .NET Extensibility 3.5, .NET Extensibility 4.5, ASP, ASP.NET 3.5, ASP.NET 4.5, CGI, ISAPI Extensions, and ISAPI Filters.

     

     

    IIS Roles - Common HTTP Features

    • Verify that the Management Tools feature indicates that IIS Management Console, IIS Management Scripts and Tools and Management Service are selected.

     

    IIS Roles - Common HTTP Features

  1. Select Features from the left-hand menu. Verify that the .NET Framework 3.5 and .NET Framework 4.5 features are enabled. ASP.NET 4.5 should also already be enabled in the .NET Framework 4.5 feature set.

 

Recommended Optional Steps to Disable SSLv3

As a best practice, it is recommended to disable SSLv3. Vulnerability scanners often flag and classify the use of SSLv3 as a medium risk to your organization. The following steps explain how to disable SSLv3 on your IIS server.

  1. Open the registry editor and run it as an administrator.
    • In the Start menu search field, type regedit.exe.
    • Right-click on regedit.exe and click Run as administrator.
  2. Registry Editor Disable SSLv3

  3. In the registry editor window, go to
    HKEY_LOCAL_MACHINE\SYSTEM\ CurrentControlSet\ Control\ SecurityProviders\ Schannel\ Protocols\.
  4.  

    Registry Editor Disable SSLv3

  5. In the navigation tree, right-click on Protocols, and in the popup menu, click New > Key.
  6. Name the key SSL 3.0.
  7.  

    Registry Editor Disable SSLv3

  8. In the navigation tree, right-click on the new SSL 3.0 key that you just created, and in the pop-up menu, click New > Key.
  9. Name the key Client.
  10.  

    Registry Editor Disable SSLv3

  11. In the navigation tree, right-click on the new SSL 3.0 key again, and in the pop-up menu, click New > Key.
  12. Name the key Server.
  13.  

    Registry Editor Disable SSLv3

  14. In the navigation tree, under SSL 3.0, right-click on Client, and in the pop-up menu, click New > DWORD (32-bit) Value.
  15. Name the value DisabledByDefault.
  16. In the navigation tree, under SSL 3.0, select Client and then, in the right pane, double-click the DisabledByDefault DWORD value.
  17.  

    Registry Editor Disable SSLv3

  18. In the Edit DWORD (32-bit) Value window, change the value to 1 in the Value Data and then click OK.
  19.  

    Registry Editor Disable SSLv3

  20. In the navigation tree, under SSL 3.0, right-click on Server, and in the pop-up menu, click New > DWORD (32-bit) Value.
  21. Name the value Enabled.
  22. In the navigation tree, under SSL 3.0, select Server and then, in the right pane, double-click the Enabled DWORD value.
  23.  

    Registry Editor Disable SSLv3

  24. In the Edit DWORD (32-bit) Value window, leave the value at 0 in the Value Data and then click OK.
  25. Restart your Windows Server.