I just setup HTTPS on my local agent by following the docs. Everything is functioning as expected.
When looking on the “Default Web Site” in IIS I get an alert saying:
No default SSL site has been created. To support browsers without SNI capabilities, it is recommended to create a default SSL site.
I understand this mostly impacts old browsers, but I wonder if this will impact any DataMiner functionality.
Aside from very old browsers not being able to reach the website (all major browsers have had SNI support for quite some time now), I’m not expecting further issues with DataMiner functionality or at least haven’t seen any so far related to this. The warning here can most likely be safely ignored.
If this would turn out to be an issue after all, it should be possible to resolve the issue by unchecking the “Require Server Name Indication” checkbox for one of the HTTPS binding configurations. (also see here)
You only need SNI support in case you want your DMA accessible through multiple hostnames (FQDN) from the same IP with HTTPS using separate certificates (you could also host another website on the same server this way). Without SNI, the secure connection already gets created before IIS knows which hostname you want to access, so it can’t know which certificate it should use, in this case it takes the default (where require SNI is unchecked). If this certificate then doesn’t match with the FQDN that the user specified, the secure connection will fail. Without SNI, you need to use a separate IP address per website/certificate.
If you only have one website with one certificate, then you don’t need SNI at alll and you can just uncheck it. Normally this is the case with a DataMiner Agent.
Thank you for confirming this!