Hello,
I have a customer who wants to enable TLS communication for their Laserfiche server. It's a relatively small environment - 1 server that hosts LFS, LFDS, LFFTS, Forms, Web Client, Workflow, Import Agent, and SQL Express.
Setting up HTTPS in IIS is easy enough, but what I'm not sure about is enabling TLS for the Laserfiche server so that client PCs using the Windows client communicate with LFS using TLS. With everything else being hosted on the Laserfiche server itself, that's the only communication between client PCs and the server that doesn't go through IIS.
When we configure the Laserfiche server to use TLS, will we need to update all the other LF apps (Workflow, Forms, etc.) hosted on the Laserfiche server to use TLS? Will we run into issues with port 443 if we use that port for HTTPS in IIS and for TLS between clients and LFS? I can't tell if everything being hosted on the same server machine makes this more difficult or easier.
Any help is appreciated. If you can't tell, I haven't set up TLS with the Laserfiche server before.
Question
Laserfiche and TLS
Answer
When we configure the Laserfiche server to use TLS, will we need to update all the other LF apps (Workflow, Forms, etc) hosted on the Laserfiche server to use TLS?
No, provided you do not take specific actions to block localhost TCP port 80 traffic (don't).
Will we run into issues with port 443 if we use that port for HTTPS in IIS and for TLS between clients and LFS?
No, provided you did not enter anything in the "Host name" field of the certificate binding configuration in IIS (don't). IIS and Laserfiche Server can both listen on 443 at the same time. Even if the 443 certificate binding is configured from IIS, the binding is associated with TCP port 443 at the system level, not IIS directly.
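An added example, not part of the original answer or of Laserfiche's documentation: a PowerShell function that parses `netsh http show sslcert` output and lists the system-level certificate bindings on port 443, separating plain IP:port bindings from Hostname:port (SNI) ones. It assumes English-language netsh output and that the system-level binding the answer describes is the HTTP.sys one that netsh reports; the function name `Get-PortSslBinding` and the sample text are constructed for illustration.

```powershell
# Added example: list HTTP.sys certificate bindings for one TCP port.
# On a real server, pass the live output instead of the sample:
#   Get-PortSslBinding -NetshOutput (netsh http show sslcert)
function Get-PortSslBinding {
    param(
        [string[]] $NetshOutput,   # netsh output, one element per line
        [int] $Port = 443
    )
    $bindings = @()
    $current  = $null
    foreach ($line in $NetshOutput) {
        if ($line -match '^\s*(IP:port|Hostname:port)\s*:\s*(\S+)\s*$') {
            # Each endpoint line starts a new binding record.
            $current = [pscustomobject]@{
                Kind       = $Matches[1]   # IP:port, or Hostname:port for SNI
                Endpoint   = $Matches[2]
                Thumbprint = $null
                AppId      = $null
            }
            $bindings += $current
        }
        elseif ($current -and $line -match '^\s*Certificate Hash\s*:\s*(\S+)') {
            $current.Thumbprint = $Matches[1]
        }
        elseif ($current -and $line -match '^\s*Application ID\s*:\s*(\S+)') {
            $current.AppId = $Matches[1]
        }
    }
    # Keep only the bindings whose endpoint ends in the requested port.
    $bindings | Where-Object { $_.Endpoint -match ":$Port$" }
}

# Constructed sample output (placeholder hashes and IDs, not from a real server).
$sample = @'
SSL Certificate bindings:
-------------------------

    IP:port                      : 0.0.0.0:443
    Certificate Hash             : 0000000000000000000000000000000000000000
    Application ID               : {00000000-0000-0000-0000-000000000000}

    Hostname:port                : forms.example.test:443
    Certificate Hash             : 1111111111111111111111111111111111111111
    Application ID               : {00000000-0000-0000-0000-000000000000}
'@ -split "`r?`n"

Get-PortSslBinding -NetshOutput $sample | Format-Table Kind, Endpoint, Thumbprint
```

A single `IP:port` record for 443 is a binding that is not tied to a host name; a `Hostname:port` record is tied to one specific host name.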
Replies
See the post I just made while enabling it a moment ago, since I found some of the params seemed to be incorrect and this might help. It also has a link to the documentation on how to do it. Once enabled it is not required, so you do not HAVE to update other services to use it; it is up to you. There are no problems with the fact that the services use the 443 port, somehow it just works, I think because IIS allows Windows Services to pass traffic through. We have enabled it on dozens of servers using port 443 that also host the web services.
Hi Chad,
Hmmm, maybe it's not that big of a deal then. Once the certificates are figured out, which should be a customer IT thing, page 9 and page 11 of that whitepaper might be all we'd need to worry about then?
There should just be 2 steps listed under Laserfiche Server: bind the certificate (the command line method) and enable SSL (via direct registry modification).