Securing Access to Responder Web

This optional configuration allows you to host the entire Responder Web application using HTTPS.

Setting up HTTPS

Browse to the web.config file at this location: C:\Inetpub\wwwroot\Responder.
Open Web.config. You can edit the file by opening it in an XML application (such as XML Spy) or by opening it in a simple text editing program (such as Notepad).
Insert the following two options in the appSettings section, if not already added, to disable URL path inspection:
```
<add key="secureByUrls" value="false"/>
<add key="undoUrlSecuring" value="false"/>
```
Save and close Web.config.
Set up IIS to require HTTPS for communication to the entire application:

Configure Switch Order Request Support for HTTPS

The following configuration allows support of Switch Order requests with HTTPS. This configuration is applied by default during installation. These configurations are done to inetpub\wwwroot\responder\web.config.

To make changes to the configuration for Switch Order requests with HTTPS, first locate the default code below:

<bindings>
          <basicHttpBinding>
            <binding name="secureHttpBinding">
              <!-- set mode="None" for http -->
              <!-- set mode="Transport" for https -->
              <security mode="None">
                <!-- set clientCredentialType="None" for the Forms authentication -->
                <!-- set clientCredentialType="Windows" for the Windows authentication -->
                <transport clientCredentialType="None"/>
              </security>
            </binding>
          </basicHttpBinding>
        </bindings>

The following changes can be made to the code according to your organization’s needs:
- If you are using Windows Authentication, the transport clientCredentialType needs to be changed to Windows.
- If you are using HTTPS, the security mode needs to be changed to Transport.

Windows 7

Open and follow the steps in the "How to Set Up SSL on IIS 7" article from Learn.IIS.net.

Windows 2008 R2 and Windows 2012

Open and follow the steps in the "How to Install Your SSL Certificate to Your Windows 2008 Server" article or the "How to Install and Configure Your SSL Certificate on Windows Server 2012" article from DigiCert.com.