You are viewing limited content. For full access, please sign in.

Discussion

Discussion

Configuring SSL/TLS encryption documentation had bad parameters

Security
Updated July 25, 2024
posted on July 23, 2024

I was getting the parameter is incorrect when using this document today.

https://support.laserfiche.com/resources/3896/configuring-ssl-tls-encryption-in-laserfiche

It seems that certificatehash is missing both an opening { and closing } and that the appid parameter can not go after the certhash parameter.

Found from this stack overflow article

https://stackoverflow.com/questions/779228/the-parameter-is-incorrect-error-using-netsh-http-add-sslcert

After I made the corrections the error went away

I think enabling TLS is common enough that it would be good to have as an official feature in Admin Console. We could also use a Require TLS option so the users and other services can't just bypass it.

0 0
replied on July 23, 2024

That's a Command Prompt (cmd.exe) vs PowerShell syntax issue, which the Stack Overflow replies discuss. Our docs should include a note about it.

In any event, that "Configuring SSL/TLS Encryption in Laserfiche" whitepaper is due for an update. The current corresponding Forms Admin Guide documentation page for Configuring the Notification Service for real-time updates on the Tasks page has a "Configuring Notification Service When Using TLS" section that says:

When you configure Laserfiche Forms to require TLS, use the Notification Configuration Utility, which by default can be found at the following location: C:\Program Files (x86)\Laserfiche\Laserfiche Notification\NotificationConfigurationUtility.exe

For previous versions of Laserfiche Forms, follow the steps below.

....

[manual steps with the netsh command and a screenshot showing it running in cmd.exe]

We added the ability to configure TLS through this utility specifically so people don't have to deal with running the netsh terminal commands.

1 0
replied on July 25, 2024

Yea the doc just says to run the following netsh command, not to run it in PowerShell, so I guess that's the confusion.

This Notification Configuration Utility finally explains why I was able to skip this step on many servers and only configure the registry entry. Those servers must have had Forms installed. Good to know!

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...