Skip to end of metadata
Go to start of metadata


SSL stand for Secure Sockets Layer. It provides a secure connection between internet browsers and websites, allowing you to transmit private data online. Sites secured with SSL display a padlock in the browsers URL and possibly a green address bar if secured by EV (Extended Validation) Certificate.

Obtaining and Installing Certificates from a Certificate Provider

SSL Certificates can be obtained from many difference sources, one obtained from a valid issuer insures that when a user accesses GlobalSearch, they are not prompted with a warning within their browser.  Different levels of SSL Certificates may offer various level of validation, ex: an Extended Validation certificate shows the address bar as green in some browsers, but the process to obtain an SSL Certificate with that level of validation is much more strenuous, sometimes requiring documentation to be sent in.

Examples of Certificate Provider include:

Generating a Certificate Request (For Certificates from Certificate Providers)

To obtain a SSL Certificate from an issuing company, you must generate a certificate request, the certificate request tells the signing authority information about the machine it's generating the certificate for.  This helps keep the certificate secured to your server.

  1. Go into IIS (inetmgr if launching from ‘run’)
  2. Select your Server name
  3. Click on "Server Certificates"

  1. Click on "Create Certificate Request"
  2. Complete the Certificate Request by completing the Common Name and other required information and click Next..
    1. Note: The "Common Name" is the URL your users will go to access your application, for example: globalsearch.mycompany.com
    2. For more information on what information is required in these fields, contact your Certificate Provider.

  3. Once all fields are filled in, choose your Crypographic Service Provider and Bitlength and click Next.. 
    1. For the correct bitlength and service provider, refer to your SSL Provider's recommendations.
  4. Select a location to save your certificate request and click finish.


Adding SSL Certificate (From a Certificate Provider)

In the event the client needs guidance on how to install an SSL Certificate, follow these instructions:

  1. Go into IIS (inetmgr if launching from ‘run’)
  2. Select your Server name
  3. Click on ‘Server Certificates’
  4. Click "Complete Certificate Request"
  5. Enter the path to the certificate you downloaded from your provider and provide a friendly name for the certificate. 

  6. Select your Certificate Store, in most cases this will be "Personal" and click "OK".

Creating Your Own Certificate (Self Signed)

Adding SSL Certificate (Self Signed)

If you or your client does not want to obtain a certificate from a issuing company, you can create a self signed certificate.  Self Signed Certificates will prompt a warning to the user in most browsers because they're not obtained from a validated issuing authority.  To create a Self Signed Certificate, follow these instructions.

  1. Go into IIS (inetmgr if launching from ‘run’)
  2. Select your Server name
  3. Click on ‘Server Certificates’
  4. Create a new Self-Signed Certificate and click OK
  5. Set and click OK
  6. Export the Self Signed Certificate (Optional, based on setup)

Please note: Errors installing the SSL Cert fall outside the purview and expertise of Square 9 Support and should be directed at local IT or at a Windows Technician

Adding and Removing Bindings from IIS

After you installed your Certificate, you must adjust your Bindings determine what port(s) users can access the website through. Since SSL/https runs on a different port than http, we're going to have to specify what port we're listening on for the external traffic.

  1. Right-click on your default website, or whichever website GlobalSearch is installed to.
  2. Select ‘Edit bindings’
  3. Click ‘Add’
  4. Select Type: HTTPS, SSL Certificate:, and the click OK.
    1. HTTPS uses Port 443 by default.
  5. (Optional) If you/your client wants to completely disable authentication over http (locally) remove http bindings (usually port 80). If client wants to let users authenticate from within the domain, you can keep your http bindings without issue.
    1. Note: If you disable HTTP access or change port numbers, you will have to repoint any existing clients that are referencing the HTTP website or old ports, GlobalSearch uses HTTP and port 80 by default when first installed.  



SSL Settings

  1. Cick on your Default Website in IIS again
  2. Select ‘SSL Settings’
  3. Click on Require SSL to enable it, and the select ‘Ignore’ for client certification
  4. Apply the changes

At this point, IIS should be correctly configured for SSL. The remaining portions of the configuration will have to do with modifying configuration files to use the new address and port.

Configuration File Changes - Web.config

After an SSL Certificate is applied there are changes which must be applied to the GlobalSearch server.

Square9REST web.config

  • Open the Square9Rest web.config, by default this lives on the GlobalSearch Application Server in: X:\Inetpub\wwwroot\Square9Rest\web.confg.
    • X:\ represents the drive letter that GlobalSearch was installed on.
    • Note:  It is recommend you backup this file before modifying them.
  • Un-comment the section below (if you are unable to find these lines, you can do a ctrl+f to find it):
<!--For SSL enable this section.-->
<!--
<binding>
<security mode="Transport" />
</binding>
-->


In versions of GlobalSearch prior to 4.2, you will also need to uncomment this section:


<!--For SSL enable this section.-->
<!-- 
<security mode="Transport" > 
<transport clientCredentialType="Windows"/> 
</security> 
-->

If you're on version 4.2 or below, also set your clientCredentialType value to “InheritFromHost“ so that it looks like so:

<!--For SSL enable this section.-->

<security mode="Transport" > 
<transport clientCredentialType="InheritFromHost"/> 
</security> 

Please be advised

DO NOT uncomment this section if you are above v4.2. It will cause your SSL to break and your users to experience an issue in logging into the GlobalSearch LAN Client.


Change this line:

 http://localhost/getsmart/folders.asmx
     
     To:
     
 https://localhost/getsmart/folders.asmx

Address Changes Across All Configuration Files

  1. Change all of the Program Configuration files to use ‘https’ instead of ‘http‘ and change the IP, or server name to the FQDN (Fully Qualified Domain Name. ex Fullyqualified.domain.name.com) This includes switching any references to 'Localhost' in the config files to use the FQDN.
  2. Configuration Files to Change: 
    1. All Configuration files in your Server Getsmart directory ending in .config, including your RestProxy.xml file
    2. All Configuration files in your Client Install Directory, including your RestProxy.xml file
    3. All Configuration files in your inetpub\wwwroot\getsmart\upgrades directory, including your RestProxy.xml file
    4. Your Engine configuration file in Capture Services\GlobalCapture_#\ Directory (4.4+)
    5. The web configs located in the following virtual directories:
      1. Getsmart
      2. Square9API
      3. Square9CaptureAPI (4.4+)
      4. Square9Rest
      5. Square9Viewer
  3. Here is a URL to test your configuration
https://INSERTYOURFQDN:443/Documents/db

If you are prompted to log in after this is done, you have correctly configured your SSL address for external use.

Need Help?

Square 9 can help install your certificate from your provider, but you should already have obtained a certificate from your Certificate Issuer.





Write a comment…