5) Service Configuration Utility
Discover how Pleasant Password Server will enhance KeePass for business
The Service Configuration Utility packaged with Pleasant Password Server, allows administrators to configure various service components, which include:
- Database Type: stores your passwords and user information
- Database Location: where this is stored
- Encryption Key: protective security measure
- Server Port: which the web service uses to communicate
- TLS/SSL Certificate: defaulted to a placeholder certificate
Starting the Utility
This utility requires Administrative privileges to run, and is accessible after installation / upgrade through:
- Start menu -> Programs -> Pleasant Password Server-> Service Configuration
Before making any modifications, backup your connection string: so that you can recover access to your database if something goes wrong. This contains the database connection parameters & the encryption key.
WARNING: Please take care using this utility.
- By default the SQLite database is protected using the very secure AES-256 encryption algorithm.
- By default the encryption key is securely stored in the connection string and stored in a protected and encrypted registry key, and the key is only accessible via the Service Configuration Utility.
- Changing Databases allows Windows Authentication in place of encrypted key connection.
It is not recoverable if lost or deleted. Without the encryption key you cannot access your database.
- Store the entire contents of the Connection String field in a secure backup location, so that you can recover access to your database if something goes wrong. It's possible to expand the width of this window to see all text.
Note: This utility only instructs Pleasant Password Manager on how to connect to the database, but does not make any changes to the database itself.
Related topic: Database Backup and Restore
Note: If the encryption key for your SQLite database is lost or changed, there will be no way to recover data!
The Service Configuration Utility supports changing the connection string and database provider.
The default provider is SQLite, but can be changed to either MS SQL or PostgreSQL.
If you prefer to use an alternative database provider, you must enter a valid connection string for that type. If you do not know the correct connection string format for your database type, you may be able to find it here:
Once the Connection String field is set and the appropriate provider selected from the Database Provider drop down menu, click Save Changes to write these settings to the registry.
The Service Configuration Utility enables changing the port (default: 10001) that Password Server uses for the web service and any client applications.
Please note: Using a reserved port like 80 or 443 requires additional steps when hosting with IIS Express. See below.
Client software will by default use this port, even if the users do not specify it in their connection to the server.
The Web client from your browsers can also resolve without a port number, by using these methods:
- Setup a redirect in IIS to redirect incoming requests from your URL to the URL:port-number
Changing the port number to 443 will also accomplish this, but has the downside of directing all internet traffic to Password Server. Also see the additional steps required below.
To change the port:
Make sure nothing else is using the port you want to switch to. You can double-check with this tool:
Open a Command Prompt (run as administrator), then run netstat -b -p TCP -q from the prompt. Verify that the port you want does not appear in the Local Address column.
Type the port you want into the Port Number field, click Set Port.
If this is a standard port (such as ports 80 or 443), perform those steps (listed below).
Using a Reserved Port: like 80 or 443, requires additional steps when hosting with IIS Express. Hosting with IIS does not require these steps. ( Reference: https://docs.microsoft.com/en-us/iis/extensions/using-iis-express/handling-url-binding-failures-in-iis-express#using-a-reserved-port )
Stop the Pleasant Password service
Run cmd.exe (as administrator), run the command:
netsh http add urlacl url=https://YOURSERVERNAME:443/ user=everyone
Open the file:
%ProgramData%\Pleasant Solutions\Password Server\IISExpress\PleasantPasswordManagerHost.config
Add the line to the binding section of the PleasantPasswordServer site:
<binding protocol="https" bindingInformation="*:443:YOURSERVERNAME" />
- Start the service.
The Service Configuration Utility allows for custom SSL certificates to be imported and used by Password Server.
To import an SSL certificate, click Import Certificate and enter the password that was set to protect the private key of your certificate.
Click Clear to revert to the default placeholder certificate (Note: this will not delete anything).
To delete a certificate (optional), use:
- MMC Certificates snap-in (Computer account, Personal store).
Alternatively, change Certificates by using PowerShell commands: