Using SSL/TLS with Laserfiche

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are cryptographic protocols used to encrypt and secure communications. If you have the appropriate X.509 certificates, you can configure Laserfiche to use SSL or TLS, which provides extra security for information sent between the Laserfiche Server and Client.

Requirements for Using SSL/TLS with Laserfiche

This section describes the required prerequisites for configuring Laserfiche with SSL/TLS.

Server Requirements: The Server computer must have a valid trusted root authority certificate and a valid server certificate signed by the trusted root authority, both in the Local Computer's certificate store and correctly configured.

You will also need to run the netsh.exe tool to create a configuration record. For more information on using this utility, see Netsh on the Microsoft website. The specific syntax you will need for this command is as follows:

netsh http add sslcert ipport=0.0.0.0:443 certhash=ServerCertificateThumbprint appid=ValidGUID

where ServerCertificateThumbprint is replaced with the actual certificate thumbprint and ValidGUID is replaced with a valid GUID. The GUID must be valid, but you can use any valid GUID. If you do not have a GUID that you want to use, you can perform a web search for "guid generators" to find an application that will create a random GUID for you.

Note: While you can use any GUID, you may want to make a note of what GUID you use for future identification in logging or error messages.

Client Certificate Requirements: The Client computers must have a valid trusted root authority certificate. This may be in the Local Computer's certificate store, in which case the certificate can be used by all users, or in the current user's certificate store, in which case it can be used by the current user only. In either case, it must be in the "Trusted Root Certification Authorities" certificate folder.

IIS Requirements: If IIS will be running alongside SSL/TLS, it must be IIS version 7 or higher, due to port conflict issues.

Configuring SSL/TLS with Laserfiche

To use SSL or TLS with Laserfiche, you must configure the Server computer and specify that the users should use SSL or TLS with their client connections. Instructions for configuring the Server are below. To specify that SSL or TLS should be used with Client applications, see Using a Client Application with SSL/TLS.

To configure the Server computer for SSL/TLS

  1. Stop the Laserfiche Server Service. (See Starting or Stopping the Laserfiche Server Service for more information.)
  2. Verify that the prerequisites are in place and the server certificates have been correctly configured.
  3. On the Server computer, open the registry editor.
  4. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Laserfiche\Engine\8.0\HttpServ.
  5. From the Edit menu, point to New and select DWORD.
  6. Name the value "SSLPort" and set its value to "443". Set the Base value to Decimal. (If your SSL/TLS implementation uses a different port, provide that port number instead.)
  7. Close the registry editor.
  8. Start the Laserfiche Server Service. (See Starting or Stopping the Laserfiche Server Service for more information.)
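
The server-side prerequisites and steps 2 through 7 above, scripted in PowerShell as an added example (not part of the Laserfiche documentation). The DNS name lfserver.example.com is a placeholder assumption; run the script from an elevated prompt with the Laserfiche Server Service stopped, and start the service afterwards.

```powershell
# Added example: run elevated while the Laserfiche Server Service is stopped.
$dnsName = 'lfserver.example.com'   # assumption: DNS name on your server certificate
$port    = 443                      # use your own port if it differs
$regPath = 'HKLM:\SOFTWARE\Laserfiche\Engine\8.0\HttpServ'   # key named in step 4

# Prerequisite check: a currently valid certificate with a private key in the
# Local Computer "Personal" store that matches the server name.
$now  = Get-Date
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
                   $_.GetNameInfo('DnsName', $false) -eq $dnsName } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No valid certificate with a private key found for $dnsName." }

# Prerequisite check: the chain must build to a root trusted by the Local Computer.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
if (-not $chain.Build($cert)) {
    $why = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    throw "Certificate chain is not trusted: $why"
}

# netsh expects the GUID in braces; the 'B' format specifier produces that form.
$ipPort = "0.0.0.0:$port"
$appId  = [guid]::NewGuid().ToString('B')
& netsh.exe http add sslcert "ipport=$ipPort" "certhash=$($cert.Thumbprint)" "appid=$appId"
if ($LASTEXITCODE -ne 0) {
    throw "netsh failed (exit code $LASTEXITCODE); check for an existing binding with 'netsh http show sslcert'."
}

# Steps 3-7: create the SSLPort DWORD under the HttpServ key.
if (-not (Test-Path $regPath)) { throw "Registry key not found: $regPath" }
New-ItemProperty -Path $regPath -Name 'SSLPort' -PropertyType DWord -Value $port -Force | Out-Null

# Record the GUID for later identification, then confirm both settings.
"Bound $($cert.Thumbprint) to $ipPort with appid $appId"
& netsh.exe http show sslcert "ipport=$ipPort"
(Get-ItemProperty -Path $regPath -Name 'SSLPort').SSLPort
```

If the chain check fails with a revocation status, the server could not reach the issuing authority's revocation endpoint; resolve that before binding the certificate.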
