You are viewing limited content. For full access, please sign in.

Question

Question

Audit Trail 11 - Search Engine Settings

Audit Trail Version 11 Self-Hosted
Updated January 2, 2024
asked on December 29, 2023

I'm configuring a new Audit Trail server using Audit Trail 11 update 5.  I'm attempting to select "Use TLS" but when I save the settings I get the following error message:

All of the services are running as Local System:

Do I need to change the services user to a domain user to be able to use TLS?

0 0

Answer

SELECTED ANSWER
replied on January 1, 2024

Hi, Craig,

 

Looks like you are connecting Audit Trail to LFFTS using TLS. If so, you can do the following:

 

1. Check LFFTS is configured to listen on TLS port (typically the TLS port is 5054)

2. Check LFFTS can be accessed on TLS port by sending request "GET https://{FQDN}:{TLS port}/lffts/api/version"

3. If the step 2 fails, check urlacl is allowing Local System on "https://+:{TLS port}/lffts"

4. Change Search Engine Settings on Audit Trail Configuration site to connect to TLS port

 

For configuring LFFTS to listen on TLS port, you can follow the steps:

 

1. Delete the certificate binding for port 5053 by running
netsh http delete sslcert ipport=0.0.0.0:5053

2. Go into the registry to HKEY_LOCAL_MACHINE\SOFTWARE\Laserfiche\LFFTS\Config and make the following changes:
set "ListenOnSSLPort" to true
set "SSLPort" to 5054 (or another port that is unused by any other application and is open)

3. Bind the SSL certificate to port 5054
netsh http add sslcert ipport=0.0.0.0:5054 certhash=7d33833460acd2617ed923c9fbf2a7dd6abd91c6 appid={8f5223f3-7f4d-444d-b5fc-86fb237fcfdb}

4. Restart the LFFTS service

2 0

Replies

replied on January 2, 2024

Jiajun Hu thanks for the answer.

The part that was confusing me was that I was thinking that port 5053 would be used for TLS, but 5053 is the port for non-TLS communication.  So port 5054 (or another available port) must be configured to be used for TLS.

 

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...