Step 11: Configure TLS and Close Migration Wizard

Close the migration wizard and configure TLS if needed. This step is mandatory whether or not you use TLS—you must close the wizard to enable Pickup Service configuration.

---

Prerequisites

• Step 10 completed – Core functionality verified
• Portal access to your Environment
• If using TLS: Certificate installed in IIS with thumbprint documented

---

Understanding This Step

Regardless of whether you use HTTPS or HTTP, closing the migration wizard is mandatory. Until the Portal Environment modal is closed, the Pickup Service cannot be configured or installed in Step 12.

If you are re-enabling TLS after the upgrade, you must also re-enter your certificate thumbprint before closing — the upgrade process does not carry TLS settings forward automatically.

Choose Your Path

	Option	When to use
	Option A: Re-enable TLS	You are restoring HTTPS — your certificate is installed in IIS and DNS is configured
	Option B: Continue Without TLS	You are running HTTP only (e.g., intranet) and only need to close the wizard

---

Option A: Re-enable TLS (If Using HTTPS)

Steps

1. Go to Portal → your Environment
2. Navigate to TLS tab:
   • Host / Domain: Your DNS name (e.g., nodinite.yourdomain.com)
   • Certificate Thumbprint: Copy from IIS Server Certificates (remove spaces)

Example of the TLS tab showing the Hostname / SNI and Certificate Thumbprint fields.

Important

When migrating from v6, Nodinite runs in Windows authentication mode. The hostname you enter here must be in the browser's Local Intranet Zone — otherwise the browser falls back from Kerberos to NTLM, causing severe performance degradation (4+ second response times per page). Add the hostname to the intranet zone via Group Policy before going live. See NTLM vs Kerberos Authentication for diagnosis and fix instructions.

3. Navigate to Basic tab:
   • Change Web Client Port to 443 (or your SSL port)
4. Click Save
5. (Optional) Navigate to the Agents tab and configure the Pickup Log Events Service (service account, port, Log API endpoint) before downloading — this saves a round trip to the Portal. Full details in Step 12.
6. Click Download
7. Extract ZIP, unblock files
8. Open PowerShell 7 as Administrator
9. Navigate to extracted folder
10. Run uninstall script:

    .\Nodinite7-DEMO-UnInstall.ps1  # Replace DEMO with environment name
    

    Important

    The uninstall step is required to cleanly remove existing IIS bindings before the new HTTPS bindings can be created. It does not touch your databases or configuration files — all data is preserved.

11. Run install script:

    .\Nodinite7-DEMO-Installation.ps1  # Replace DEMO with environment name
    

12. Verify HTTPS: Open https://nodinite.yourdomain.com
13. Check padlock icon and login works
14. Close migration wizard: In Portal, close Environment modal

---

Option B: Continue Without TLS (HTTP Only)

Steps

1. Go to Portal → your Environment
2. Verify Basic tab settings are correct
3. Close Environment modal to exit migration wizard

---

Completion Checklist

• If using TLS (Option A):
  • Certificate thumbprint configured
  • Web Client accessible via HTTPS
  • Padlock icon visible, no certificate errors
  • Can log in via HTTPS
• If using HTTP (Option B):
  • Configuration verified
  • Web Client accessible via HTTP
• Migration wizard closed in Portal
• Portal access to Pickup Service now available

---

Troubleshooting

"HTTP Error 500.21" After Install

Problem

Web Client shows handler error.

Solution

• Verify .NET 10.0 Hosting Bundle installed
• Restart IIS: iisreset /restart
• Re-run installation script

Browser Shows "Not Private" Warning

Problem

Certificate warning in browser.

Solution

• For development: Click Advanced → Proceed (expected for self-signed certs)
• For production: Replace with CA-issued certificate

---

Next Step

• Step 12: Install Pickup Service

Related Topics

• TLS Configuration Guide
• Certificate Management
• NTLM vs Kerberos Authentication