Home → Supercharger KB → How To → Using HTTPS with Windows Event Forwarding and Supercharger

5.15. Using HTTPS with Windows Event Forwarding and Supercharger

We do not provide consulting for using WEC over HTTPS as part of Supercharger support contracts. The following information is provided as a courtesy and may not cover every detail or situation in your environment because of the complexity of PKI.

We will provide support on configuring the Supercharger IIS website to use HTTPS in terms of the local configuration of IIS. It is your responsibility to enroll the server with a valid server certificate and private key and import it. We do not provide support on PKI issues or certificate enrollment.

The following information may be of help.

There are two different areas where HTTPS may be used:

1. Forwarding events with WEC using a https:// URL for the target subscription manager when you target computers at the collector
2. Accessing the Supercharger GUI/Dashboard through HTTPS, for example, https://localhost/Supercharger

For #1 above there are a few things you have to do:

• ​Install a certificate for the server along with its private key. This can easily be done using an Enterprise CA in AD.
• The signing CA of the server certificate must be trusted by the forwarder computers​.
• Make sure permission on the private key allow WinRM to access it.
• Create a firewall exception rule to allow data over port 5986.
• You may have to run "winrm qc -transport:https". This would have to be ran after the cert is installed and configured.
• Change the URL in target subscription manager to be https using port 5986

For #2 above there are many options to complete this. Configuring Supercharger to use HTTPS is the same as configuring HTTPS for any website. Your organization will have to determine which process meets its security requirements. Because of this, we do not provide a guide for setting up websites using HTTPS for every scenario as this is fully documented online from multiple resources. Below, though, are a few points to keep in mind. Here is a link to one scenario for "How To Setup Supercharger Web GUI for HTTPS".

• (You can use the same certificate as #1 above)
• ​Install a certificate for the server along with its private key. This can easily be done using an Enterprise CA in AD.
• The signing CA of the server certificate must be trusted by the client computers​.
• The signing CA of the server certificate must be trusted by the forwarder computers​.
• Make sure permission on the private key allow WinRM to access it.
• Create a firewall exception rule to allow data over port 443.
• Configure IIS to use the certificate for the Supercharger site.