You are viewing limited content. For full access, please sign in.

Question

Question

Looking for clarification on SSL installation instruction

Updated September 18, 2014
asked on April 16, 2014

I am following the article to install an SSL certificate and missing a lot of information.

 

http://www.laserfiche.com/support/webhelp/Laserfiche/9.1/en-US/AdminGuide/LFAdmin.htm#Using_SSL_TLS.htm

 

The first requirement is somewhat clear except the very last statement.

 

The Server computer must have a valid trusted root authority certificate and a valid server certificate signed by the trusted root authority, both in the Local Computer's certificate store and correctly configured.

 

Does anyone know what is meant by correctly configured? I have the certificates provided by our trusted authority but no additional configurations have been made.

 

You will also need to run the Microsoft HTTP Configuration Utility to create a configuration record. For more information on using this utility, seeHTTPCfg Overview on the Microsoft website. The specific syntax you will need for this command is as follows

 

There is a link to a Microsoft page on using HTTPCFG.exe but no download. I could not find a download by searching Google. Seaching for Server 2008 R2 tools did not lead to any working links from Microsoft.

0 0

Answer

APPROVED ANSWER SELECTED ANSWER
replied on April 16, 2014 Show version history

Does anyone know what is meant by correctly configured?

 

Basically, just that you have a server certificate with its private key installed into your certificate store.

 

There is a link to a Microsoft page on using HTTPCFG.exe but no download. I could not find a download by searching Google. Seaching for Server 2008 R2 tools did not lead to any working links from Microsoft.

 

The instructions on the web help are out of date, HttpCfg.exe was used for Windows versions up to XP. I've submitted a request to get that help page updated, thanks for calling it to our attention.

 

In Windows Vista/2008 and newer, you'll use netsh.exe instead. The syntax looks like this:

 

netsh http add sslcert ipport=0.0.0.0:443 certhash=<MY_CERT_HASH> appid={<GUID>}

 

Replace "<MY_CERT_HASH>" with the thumbprint for the desired SSL certificate, and "<GUID>" with any valid GUID. For more information, see this MSDN article.

 

Otherwise, just make sure that your client trusts a signing authority for the server's certificate.

3 0
replied on April 17, 2014

Thanks! I ran the command, hope it worked. I guess there is no way to test before requesting the service restart.

0 0

Replies

replied on April 16, 2014 Show version history

I found this, maybe it will help with some digging.

Windows Server 2008:  HttpCfg.exe is obsolete and replaced by similar functionality in netsh.exe. I found two references to netsh.exe in my searches but haven't gone beyond that. Maybe a starting point for you though.

 

Just saw Mathew's reply, sounds like a plan!

1 0
replied on September 18, 2014

I am still unclear as to where the appid comes from.  "Any valid GUID" is vague to me.

0 0
replied on September 18, 2014

The GUID is completely arbitrary. Just generate one, any one, and stick it in there. Try http://www.famkruithof.net/uuid/uuidgen for a free service.

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...