ScreenConnect – enable SSL with permanent redirection to HTTPS

ScreenConnectLogoExpress guide how to enable SSL certificate with redirection from http to https on Windows Server 2012 R2

Before you begin

This article assumes you have properly configured ScreenConnect server in production/testing environment with Passed statuses (everything is green in Admin panel) and you have generated SSL certificate to your domain (check Browser URL status) – for example support.contoso.com in pkcs12 format via OpenSSL. This tutorial shows steps which were tested under Windows Server 2012 R2 in production environment at the University. This is modified tutorial from original Reid’s ScreenConnect team member. I’m not responsible for any damage or harm on your server.

Tested & Compatible with: 4.3 – 5.3 stable versions.

Enabling SSL

  • Open web.config where is ScreenConnect installed and change key value of WebServerListenUri to:

  • Save web.config and generate your desired SSL (self signed or via cert. authority) certificate in .p12 or .pfx form and import it to Local Machine > Personal (you can do it via double clicking to certificate or via MMC snap-in module).
  • Now we need to get Thumbprint of imported certificate so run powershell and type command:

  • Copy thumbprint of your imported certificate which you’ll use for ScreenConnect application, then run via CMD:

  • Where XXXX is thumbprint of your certificate
  • Now communication via 443 port will be bounded with this certificate.
  • If you wish to show active ssl certs via http protocol run:

  • Remember to make firewall exception for port 80 and 443!

Redirecting http to https

  • Open your ScreenConnect web.config and navigate to <appSettings> section and add new line WebServerAlternateListenUri key under WebServerListenUri, remember also to modify/add lines (it depends on your environment) with RedirectFromBaseUrl and RedirectToBaseUrl keys, whole configuration result should look like this:

  • Find <httpModules> section in web.config and again create new line BaseUrlRedirectionModule with following result:

  • Download BaseUrlRedirectionModule.cs (click save as)
  • Create subdirectory called “App_Code” inside ScreenConnect folder where is installed and put inside newly created folder App_Code downloaded file BaseUrlRedirectionModule.cs.
  • Restart ScreenConnect Web Server service:

Done. Now ScreenConnect should listen on usual http 80 port which will be immediately redirected to https 443 port. So guest from http://support.contoso.com will be redirected to https://support.contoso.com.

  1. Hi Michael,

    Thanks for the great article! It looks like you left one piece of the puzzle out though. When redirecting http to https, you must also add the following two keys to your appSettings:

    See step #5 here:
    http://forum.screenconnect.com/yaf_postsm11906_HTTP-redirect-to-HTTPS.aspx#post11906

    Thanks again!
    Reid

    • Hello Reid,

      Thank you for review but I must admit these 2 steps were there but without warning about adding/modifying it, so It was confusing. I’ve highlighted these 2 lines and also notified about this needed change.
      Thanks for useful comment.

      Michael

  2. Followed your writeup today with a new installation and it worked as desired. Thanks!

  3. Thanks for this guide! I am having a weird problem though. When accessing the http://screenconnnectserver.server.com the browser doesn’t redirect but instead drops an authentication popup that states “http://screenconnectserver.server.com:80 requires a username and password”

    Navigating directly to the https://screenconnectserver.server.com works properly so I can tell the SSL cert is installed correctly, but the redirect doesn’t seem to work.

    Any help would be greatly appreciated.

  4. I put together a simple (probably superfluous) PowerShell command to do everything listed here.

    You can save this code snippet as a .ps1 file, then open PowerShell, and run the file.

Leave a Comment


NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">

%d bloggers like this: