Hello,
I have a customer who wants to enable TLS communication for their Laserfiche server. It's a relatively small environment - 1 server that hosts LFS, LFDS, LFFTS, Forms, Web Client, Workflow, Import Agent, and SQL Express.
Setting up HTTPS in IIS is easy enough, but what I'm not sure about is enabling TLS for the Laserfiche server so that client PCs using the Windows client communicate with LFS using TLS. With everything else being hosted on the Laserfiche server itself, that's the only communication between client PCs and the server that doesn't go through IIS.
When we configure the Laserfiche server to use TLS, will we need to update all the other LF apps (Workflow, Forms, etc) hosted on the Laserfiche server to use TLS? Will we run into issues with port 443 if we use that port for HTTPS in IIS and for TLS between clients and LFS? I can't tell if everything being hosted on the same server machine makes this more difficult or easier.
Any help is appreciated. If you can't tell, I haven't set up TLS with the Laserfiche server before.
Question
Question
Laserfiche and TLS
Replies
See the post I just made while enabling it a moment ago, since I found some of the params seemed to be incorrect and this might help. Also has a link to the documentation on how to do it. Once enabled it is not required, so you do not HAVE to update other services to use it, it is up to you. There is no problems with the fact that the services use the 443 port, somehow it just works, I think because IIS allows Windows Services to pass traffic through. We have enabled it on dozens of servers using port 443 that also host the web services.
Hi Chad,
Hmmm, maybe it's not that big of a deal then. Once the certificates are figured out, which should be a customer IT thing, page 9 and page 11 of that whitepaper might be all we'd need to worry about then?
There should just be 2 steps listed under Laserfiche Server. Bind the certificate (the command line method) and enable SSL (via direct registry modification)
When we configure the Laserfiche server to use TLS, will we need to update all the other LF apps (Workflow, Forms, etc) hosted on the Laserfiche server to use TLS?
No, provided you do not take specific actions to block localhost TCP port 80 traffic (don't).
Will we run into issues with port 443 if we use that port for HTTPS in IIS and for TLS between clients and LFS?
No, provided you did not enter anything in the "Host name" field of the certificate binding configuration in IIS (don't). IIS and Laserfiche Server can both listen on 443 at the same time. Even if the 443 certificate binding is configured from IIS, the binding is associated with TCP port 443 at the system level, not IIS directly.