If I have Web Access installed on a server in the DMZ with an SSL certificate - do I need another SSL certificate on the Laserfiche server?
The SSL certificate you installed on your Web Access server will allow encrypted communication between a web browser and Web Access. Since Web Access is in a DMZ you would typically also want to encrypt the communication between Web Access and the Laserfiche server, and this does require an SSL certificate for the Laserfiche server. Ramsey's first link should explain how.
To my knowledge, you should only require an SSL Certificate installed on your WebAccess server where IIS is installed, for the selected external DNS host name, ie WebAccess.ABCIndustries.com
The only time you'll need an SSL Certificate on the Laserfiche Server itself would be if you would like to encrypt communications from the Laserfiche Server to the WebAccess server, this would add an extra layer of secure communications on your internal traffic. This however won't be necessary if you're just looking to insure SSL is enabled for users from their Web Browsers.
Source: http://www.laserfiche.com/support/webhelp/webaccess/9.1/en-US/WAA/WAConfiguration.htm#cshid=Configuring%20SSL%20between%20the%20Web%20Access%20and%20Laserfiche%20Servers.htm
Here are the user instructions for configuring SSL for end users on the browser side:
http://www.laserfiche.com/support/webhelp/webaccess/9.1/en-US/WAA/WAConfiguration.htm#cshid=Configuring%20SSL.htm
Hopefully those help.
Thanks for the info. Just to be clear - since the Web Access server is in a DMZ is having the SSL certificate on the Web Access server overkill and I should just move it to the Laserfiche server? Or is it best to have 2 SSL certicates?
There are two communication channels involved here, the one between the browser and Web Access and the one between Web Access and the Laserfiche server. The server end of the channels have different host names and so will generally require different certificates, so it's not a matter of simply moving a certificate. If your data is sensitive enough to require encryption for one of them, the fact that Web Access is in a DMZ suggests that you also want to encrypt the other one.
The PowerPoint slides from EDM206 touch on this subject.