Secure Your TDoD Configuration

If your site uses SSL certificates, you can optionally choose to configure the Test Data on Demand (TDoD) component for secure SSL environments.
Run the following command line to add the SSL certificate binding for an IP Address and port. The certhash value is specific to the certificate that is being created for the install.
netsh http add sslcert ipport=0.0.0.0:8090 certhash=0000000000003ed9cd0c315bbb6dc1c08da5e6 appid={00112233-4455-6677-8899-AABBCCDDEEFF}
The following code block shows the relevant sections to change in the configuration file:
<bindings>
  ...
  <webHttpBinding>
    <!-- Default (without a name), required since this is a bug in the WCF server? -->
    <binding closeTimeout="00:01:00" openTimeout="00:01:00"
             receiveTimeout="00:10:00" sendTimeout="00:01:00"
             allowCookies="false" bypassProxyOnLocal="false"
             hostNameComparisonMode="StrongWildcard"
             maxBufferSize="2147483647" maxBufferPoolSize="2147483647"
             maxReceivedMessageSize="2147483647" useDefaultWebProxy="true">
      <readerQuotas maxDepth="32" maxStringContentLength="2147483647"
                    maxArrayLength="2147483647" maxBytesPerRead="2147483647"
                    maxNameTableCharCount="2147483647" />
      <security mode="Transport">
        <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
      </security>
    </binding>
  </webHttpBinding>
</bindings>
...
<serviceBehaviors>
  <behavior name="TDMoD">
    <dataContractSerializer maxItemsInObjectGraph="2147483647" />
    <!-- To avoid disclosing metadata information, set the value below to false
         and remove the metadata endpoint above before deployment -->
    <serviceMetadata httpsGetEnabled="true" />
    <!-- To receive exception details in faults for debugging purposes, set the
         value below to true. Set to false before deployment to avoid disclosing
         exception information -->
    <serviceDebug includeExceptionDetailInFaults="true" />
  </behavior>
</serviceBehaviors>
...
<services>
  <service name="GTWCF.GTService" behaviorConfiguration="TDMoD">
    <endpoint address="GTService" binding="basicHttpBinding"
              contract="GTWCF.GT_I" behaviorConfiguration="TDMoDFaultBehavior">
    </endpoint>
    <endpoint address="TDoDREST" binding="webHttpBinding"
              contract="GTWCF.GT_I" behaviorConfiguration="webHttpBehavior">
    </endpoint>
    <endpoint address="" binding="webHttpBinding"
              contract="GTWCF.IPolicyRestriction" behaviorConfiguration="webHttpBehavior" />
    <host>
      <baseAddresses>
        <add baseAddress="https://*:8090/" />
      </baseAddresses>
    </host>
  </service>
</services>
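A pre-deployment check for the settings the configuration comments call out, given here as an added example that is not part of the product or of this documentation. It assumes the relevant sections have been copied into one well-formed XML document; the audit function and the sample text are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed, well-formed copy of the sections shown above,
# wrapped in a single root element so it can be parsed on its own.
SAMPLE = """<system.serviceModel>
  <bindings><webHttpBinding><binding>
    <security mode="Transport"><transport clientCredentialType="Windows" /></security>
  </binding></webHttpBinding></bindings>
  <behaviors><serviceBehaviors><behavior name="TDMoD">
    <serviceMetadata httpsGetEnabled="true" />
    <serviceDebug includeExceptionDetailInFaults="true" />
  </behavior></serviceBehaviors></behaviors>
  <services><service name="GTWCF.GTService" behaviorConfiguration="TDMoD">
    <host><baseAddresses><add baseAddress="https://*:8090/" /></baseAddresses></host>
  </service></services>
</system.serviceModel>"""

def audit(config_xml):
    """Return findings for the TLS and information-disclosure settings."""
    root = ET.fromstring(config_xml)
    findings = []
    # webHttpBinding must use transport security; WCF defaults to None if unset.
    for web in root.iter("webHttpBinding"):
        for binding in web.iter("binding"):
            sec = binding.find("security")
            mode = sec.get("mode", "None") if sec is not None else "None"
            if mode != "Transport":
                findings.append(f"webHttpBinding security mode is {mode}, not Transport")
    # Every base address should be an https:// URL.
    for add in root.iter("add"):
        addr = add.get("baseAddress")
        if addr is not None and not addr.lower().startswith("https://"):
            findings.append(f"baseAddress {addr} is not HTTPS")
    # The config comments say to set both of these to false before deployment.
    for dbg in root.iter("serviceDebug"):
        if dbg.get("includeExceptionDetailInFaults", "false").lower() == "true":
            findings.append("serviceDebug includeExceptionDetailInFaults is true")
    for meta in root.iter("serviceMetadata"):
        for attr in ("httpGetEnabled", "httpsGetEnabled"):
            if meta.get(attr, "false").lower() == "true":
                findings.append(f"serviceMetadata {attr} is true")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

Run against the sample values shown above, the check reports the two debugging settings that the comments say to disable before deployment.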
For more information about how to get the certificate thumbprint, see How to: Retrieve the Thumbprint of a Certificate (microsoft.com).