Create URL Rewrite Rules to force HTTPS force Aperture as Default Console

How To:

Use these instructions to force all connections to be over SSL.  Also, you can set whether you want the default site for your server to be Web Administration Console, Aperture, or the User Portal.

These rules utilize the IIS URL Rewrite Module 2, which is a prerequisite for Director 10 and above. However, if you are using this article for Director 9 or below, you will need to download and install the Microsoft IIS URL Rewrite Module 2 from:


This article was originally written for Director 9 in 2013.  In 2014 the Venafi Trust Protection Platform was updated to support HTTPS by default.  Hence, some aspects of these URL Rewrite rules no longer apply for modern versions.

It is also worth noting that is Venafi Trust Protection Platform versions 21.2 and higher, this functionality is shipped with the product.


  1. Verify that you have Microsoft IIS URL Rewrite Module 2 installed on your Director server.  You can check "Programs and Features" in your Control Panel.

  2. Open up your web.config found in C:\Program Files\Venafi\Web\web.config in notepad
    Note: You installation location Venafi Director may very.

  3. Copy and paste the following code into your web.config file.  This should go right after the <configuration> tag on the second line of the web.config.


          <rule name="HTTP to HTTPS redirect" stopProcessing="true">
            <match url="(.*)" />
                <add input="{HTTPS}" pattern="off" />
            <action type="Redirect" url="https://{HTTP_HOST}/aperture" redirectType="Found" />
          <rule name="Root Hit Redirect" stopProcessing="true">
             <match url="^$" />
                <action type="Redirect" url="https://{HTTP_HOST}/aperture" redirectType="Found" />

  4. If you would like your default console to web Web Administration Console, then replace "Aperture" with "VEDAdmin" in the code above.  If you would like the User Portal to be your default web site, then replace "Aperture" with "Portal" in the code above.

  5. After the rules are in place, all requests to http://[DIRECTOR HOSTNAME] will redirect to https://[DIRECTOR HOSTNAME]/Aperture as the default site.

  6. "Require SSL" setting must be turned off in IIS and http port 80 binding must be enabled for all the rewrite rules to work correctly.

  7. Test the rules in your development environment before putting them into production.

Note: The above instructions are offered "As Is" without warranty or support of any kind.  Customers are responsible for assessing the impact of changes to their environment. 

Was this article helpful?
0 out of 0 found this helpful