How To Perform A GlobalSearch SSL Switch-over
SSL stands for Secure Sockets Layer. It provides a secure connection between internet browsers and websites, allowing you to transmit private data online. Sites secured with SSL display a padlock in the browser's URL bar and possibly a green address bar if secured by an EV (Extended Validation) Certificate.
Obtaining and Installing Certificates from a Certificate Provider
SSL Certificates can be obtained from many different sources. One obtained from a valid issuer ensures that when a user accesses GlobalSearch, they are not prompted with a warning within their browser. Different levels of SSL Certificates may offer various levels of validation. For example, an Extended Validation certificate shows the address bar as green in some browsers, but the process to obtain an SSL Certificate with that level of validation is much more strenuous, sometimes requiring documentation to be sent in.
Examples of Certificate Provider include:
Generating a Certificate Request (For Certificates from Certificate Providers)
To obtain an SSL Certificate from an issuing company, you must generate a certificate request. The certificate request tells the signing authority information about the machine it's generating the certificate for. This helps keep the certificate secured to your server.
Go into IIS (inetmgr if launching from Command Prompt or Run)
Select your Server name
Click on "Server Certificates"
Click on "Create Certificate Request"
Complete the Certificate Request by filling in the Common Name and other required information and click Next.
Note: The "Common Name" is the URL your users will go to access your application, for example: globalsearch.mycompany.com
For more information on what information is required in these fields, contact your Certificate Provider.
Once all fields are filled in, choose your Cryptographic Service Provider and Bitlength and click Next.
For the correct bitlength and service provider, refer to your SSL Provider's recommendations.
Select a location to save your certificate request and click finish.
Adding SSL Certificate (From a Certificate Provider)
In the event the client needs guidance on how to install an SSL Certificate, follow these instructions:
Go into IIS (inetmgr if launching from Command Prompt or Run)
Select your Server name
Click on ‘Server Certificates’
Click "Complete Certificate Request"
Enter the path to the certificate you downloaded from your provider and provide a friendly name for the certificate.
Select your Certificate Store (in most cases this will be "Personal") and click "OK".
Please note: If you are having trouble installing an SSL Certificate, please consult with your certificate provider or network administrator.
Creating Your Own Certificate (Self Signed)
Adding SSL Certificate (Self Signed)
If you or your client does not want to obtain a certificate from an issuing company, you can create a self signed certificate. Self Signed Certificates will prompt a warning to the user in most browsers because they're not obtained from a validated issuing authority. To create a Self Signed Certificate, follow these instructions.
Go into IIS (inetmgr if launching from Command Prompt or Run)
Select your Server name
Click on ‘Server Certificates’
Create a new Self-Signed Certificate and click OK
Set and click OK
Export the Self Signed Certificate (Optional, based on setup)
Adding and Removing Bindings from IIS
After you have installed your Certificate, you must adjust your Bindings to determine what port(s) users can access the website through. Since SSL/https runs on a different port than http, we're going to have to specify what port we're listening on for the external traffic.
Right-click on your default website, or whichever website GlobalSearch is installed to.
Select ‘Edit bindings’
Click ‘Add’
Select Type: HTTPS, SSL Certificate:, input your hostname; example: globalsearch.mycompany.com and then click OK.
HTTPS uses Port 443 by default.
Note: It is not recommended to remove http bindings from the Square 9 Website/Default website; doing so may impede future upgrades. If you are looking to restrict access to GlobalSearch over HTTP, you can change your HTTP binding to the loopback adapter address of 127.0.0.1 or block connections to port 80 on the Windows Firewall.
Configuration File Changes - Web.config
After an SSL Certificate is applied there are changes which must be applied to the GlobalSearch server.
Be sure to make a copy of your configuration files before altering them in case you need to revert the changes
Versions 3.3.1.0 - 5.0.0.0
Square9REST web.config
Open the Square9Rest web.config, by default this lives on the GlobalSearch Application Server:
C:\inetpub\wwwroot\Square9Rest\web.config
Uncomment the section below (if you are unable to find these lines, you can do a ctrl+f to find it):
<!--For SSL enable this section.-->
<!--
<binding>
<security mode="Transport" />
</binding>
-->
In versions of GlobalSearch prior to 4.2.0.0, you will also need to uncomment this section:
<!--For SSL enable this section.-->
<!--
<security mode="Transport" >
<transport clientCredentialType="Windows"/>
</security>
-->
You will also need to set your clientCredentialType value to InheritFromHost so that it looks like so:
<!--For SSL enable this section.-->
<security mode="Transport" >
<transport clientCredentialType="InheritFromHost"/>
</security>
Do not uncomment this section if you are above v4.2. It will cause your SSL to break and your users to experience an issue in logging into the GlobalSearch LAN Client.
Change this section of the file to point to the https address.
<setting name="Square9_Rest_SSFolders_SSFolders" serializeAs="String">
<value>https://localhost/getsmart/folders.asmx</value>
</setting>
Depending on your installed version of SmartSearch/GlobalSearch, you may not have some of the following configuration files on your system. This is expected, as those parts of the program have been deprecated and are no longer included in new installs past GlobalSearch 6.1.
Address Changes Across All Configuration Files
Change all of the Program Configuration files to use 'https' instead of 'http' and change the IP or server name to the FQDN (Fully Qualified Domain Name, e.g. Fullyqualified.domain.name.com). This includes switching any references to 'localhost' in the config files to use the FQDN.
Location | GlobalSearch Version | Notes |
---|---|---|
C:\GetSmart | ||
C:\GetSmart\CaptureDesigner.exe.config | ||
C:\GetSmart\ImageXChange.exe.config | ||
C:\GetSmart\Square9.GAUpConverter.exe.config | ||
C:\GetSmart\Square9.GlobalAction.exe.config | GlobalSearch 5.0.0.111 and below | |
C:\GetSmart\ActionServices\GlobalAction_1\Square9.GlobalAction.exe.config | GlobalSearch 5.0.0.111 and up | Note that you will have to update every engine’s config file if you have multiple |
C:\GetSmart\Square9.QBPush.exe.config | GlobalSearch 5.0 and below | |
C:\Program Files\Square 9 Softworks\QuickBill\Square9.QBPush.exe.config | GlobalSearch 6.1 and up | |
C:\GetSmart\Square9.WebActivator.exe.config | ||
C:\GetSmart\ssCaptureManager.exe.config | ||
C:\GetSmart\ssContentIndex.exe.config | ||
C:\Program Files\Square 9 Softworks\Content Search\ssContentIndex.exe.config | GlobalSearch 6.1 and up | |
ssDocWFManager.exe.config | ||
C:\GetSmart\SSIMPORTERWS.exe.config | GlobalSearch 5.0 and below | |
C:\Program Files\Square 9 Softworks\Importer\SSIMPORTERWS.exe.config | GlobalSearch 6.1 and up | |
C:\GetSmart\SSInterface.exe.config | GlobalSearch 5.0 and below | |
%localappdata%\GlobalSearchDesktopClient\app-6.2.109-Build0 | GlobalSearch 6.1 and up | Pick directory with the latest version number |
C:\GetSmart\RestProxy.xml | GlobalSearch 5.0 and below | |
C:\GetSmart\SSLicenseClean.exe.config | GlobalSearch 5.0 and below | |
C:\Program Files\Square 9 Softworks\License manager\SSLicenseClean.exe.config | GlobalSearch 6.1 and up | |
C:\GetSmart\SSScan.exe.config | ||
C:\GetSmart\SSUpGrade.exe.config | ||
C:\GlobalSearch Client Installation\Common\Square9\GetSmart\ | GlobalSearch 5.0 and below | |
CaptureDesigner.exe.config | GlobalSearch 5.0 and below | |
ImageXChange.exe.config | GlobalSearch 5.0 and below | |
Square9.GAUpConverter.exe.config | GlobalSearch 5.0 and below | |
Square9.GlobalAction.exe.config | GlobalSearch 5.0 and below | |
Square9.QBPush.exe.config | GlobalSearch 5.0 and below | |
Square9.WebActivator.exe.config | GlobalSearch 5.0 and below | |
ssCaptureManager.exe.config | GlobalSearch 5.0 and below | |
ssContentIndex.exe.config | GlobalSearch 5.0 and below | |
ssDocWFManager.exe.config | GlobalSearch 5.0 and below | |
SSIMPORTERWS.exe.config | GlobalSearch 5.0 and below | |
SSInterface.exe.config | GlobalSearch 5.0 and below | |
SSLicenseClean.exe.config | GlobalSearch 5.0 and below | |
SSScan.exe.config | GlobalSearch 5.0 and below | |
SSUpGrade.exe.config | GlobalSearch 5.0 and below | |
RestProxy.xml | GlobalSearch 5.0 and below | |
C:\inetpub\wwwroot\GetSmart\Upgrades | GlobalSearch 5.0 and below | |
CaptureDesigner.exe.config | GlobalSearch 5.0 and below | |
ImageXChange.exe.config | GlobalSearch 5.0 and below | |
PayloadManifest.exe.config | GlobalSearch 5.0 and below | |
Square9.QBPush.exe.config | GlobalSearch 5.0 and below | |
ssCaptureManager.exe.config | GlobalSearch 5.0 and below | |
ssDocWFManager.exe.config | GlobalSearch 5.0 and below | |
SSInterface.exe.config | GlobalSearch 5.0 and below | |
SSScan.exe.config | GlobalSearch 5.0 and below | |
RestProxy.xml | GlobalSearch 5.0 and below | |
C:\GetSmart\CaptureServices\GlobalCapture_1\Square9.GlobalCapture.exe.config | GlobalSearch 4.4.1+ | The mongodb line does not need to be altered for SSL |
C:\inetpub\wwwroot\ | ||
C:\inetpub\wwwroot\GetSmart\web.config | GlobalSearch 5.0 and below | |
C:\inetpub\wwwroot\Square9Rest\web.config | GlobalSearch 5.0 and below | |
C:\inetpub\wwwroot\Square9API\web.config | All versions | Do not update <add key="urn:square9:identitymanager:apiconnector:configuration:baseurl" value="http://localhost:8080/api/" /> |
C:\inetpub\wwwroot\Square9Web\config.json | This is highly dependent on your environment, you may not have to update this file at all. | |
C:\inetpub\wwwroot\Square9CaptureAPI\web.config | GlobalSearch 4.4.1+ | Do not update <add key="urn:square9:identitymanager:apiconnector:configuration:baseurl" value="http://localhost:8080/api/" /> |
C:\inetpub\wwwroot\Square9Viewer\web.config | All versions | |
C:\inetpub\wwwroot\Square9API\desktop_client\source\SSInterface.exe.config | GlobalSearch 6.1 and up | Note that you will have to run C:\inetpub\wwwroot\Square9API\Desktop_Client\Square9.LanClientBuilder.exe in order to generate the LAN client installer with the updated configuration files. |
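With this many files it is easy to leave one address on http or localhost. The following read-only audit is an added example, not Square 9 code: it lists addresses that were missed while skipping the two entries the table says to leave alone. The function name Find-StaleAddress, the FQDN value and the sample config text are assumptions made for illustration.

```powershell
# Added example (not vendor code): read-only audit for addresses the switch-over missed.
$Fqdn   = 'globalsearch.mycompany.com'   # assumption: your site's FQDN
# Entries the table says to leave alone.
$Exempt = 'urn:square9:identitymanager:apiconnector:configuration:baseurl', 'mongodb'

function Find-StaleAddress {
    param([string[]]$Lines, [string]$Source)
    $lineNo = 0
    foreach ($line in $Lines) {
        $lineNo++
        if ($Exempt | Where-Object { $line -match [regex]::Escape($_) }) { continue }
        # XML namespace URIs are identifiers, not addresses the software connects to.
        $text = $line -replace 'xmlns(:\w+)?\s*=\s*"[^"]*"', ''
        foreach ($m in [regex]::Matches($text, '(?i)\b(https?)://([^/:"<\s]+)')) {
            $target = $m.Groups[2].Value
            $reason = if ($m.Groups[1].Value -ne 'https') { 'still http' } elseif ($target -ne $Fqdn) { 'host is not the FQDN' }
            if ($reason) {
                [pscustomobject]@{ File = $Source; Line = $lineNo; Host = $target; Reason = $reason }
            }
        }
    }
}

# Constructed sample standing in for the contents of one config file.
$sample = @'
<configuration xmlns:x="http://schemas.example/ns">
  <add key="urn:square9:identitymanager:apiconnector:configuration:baseurl" value="http://localhost:8080/api/" />
  <value>https://localhost/getsmart/folders.asmx</value>
  <value>http://10.0.0.5/Square9API</value>
  <value>https://globalsearch.mycompany.com/Square9API</value>
</configuration>
'@ -split '\r?\n'

Find-StaleAddress -Lines $sample -Source 'sample.config' | Format-Table -AutoSize

# Real use: run it over each file from the table, for example
# Get-ChildItem C:\GetSmart -Filter *.config |
#   ForEach-Object { Find-StaleAddress -Lines (Get-Content $_.FullName) -Source $_.FullName }
```

An https address that points at a host other than the FQDN is reported for review, not as an error, since some entries may legitimately reference other servers.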
Here is a URL to test your configuration:
https://INSERTYOURFQDN:443/Square9Web/index.html
If you are prompted to log in after this is done, you have correctly configured your SSL address for external use.
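The login prompt shows that the site answers on 443, but not which certificate it presents. The check below is an added example, not part of the original article: it reports the certificate's subject, issuer, expiry and any name or trust errors. The function name Test-SiteCertificate is an assumption, and INSERTYOURFQDN is the same placeholder as in the test URL.

```powershell
# Added example (not vendor code): inspect the certificate the HTTPS binding presents.
function Test-SiteCertificate {
    param([Parameter(Mandatory)][string]$HostName, [int]$Port = 443)
    $script:tlsErrors = $null
    $ssl = $null
    # Record validation errors but let the handshake finish,
    # so a mismatched or self-signed certificate can still be inspected.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($s, $certificate, $chain, $policyErrors)
        $script:tlsErrors = $policyErrors
        $true
    }
    $tcp = [System.Net.Sockets.TcpClient]::new($HostName, $Port)
    try {
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
        [pscustomobject]@{
            Subject      = $cert.Subject
            Issuer       = $cert.Issuer
            SelfSigned   = ($cert.Subject -eq $cert.Issuer)
            NotAfter     = $cert.NotAfter
            DaysLeft     = [int]($cert.NotAfter - (Get-Date)).TotalDays
            Protocol     = $ssl.SslProtocol
            # None = the name matches $HostName and the chain is trusted on this machine.
            PolicyErrors = $script:tlsErrors
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
}

# Placeholder from the test URL above; replace with your FQDN.
Test-SiteCertificate -HostName 'INSERTYOURFQDN'
```

Run it from a client workstation, not the server, because trust is evaluated against the root store of the machine running the check. RemoteCertificateNameMismatch means the Common Name entered in the certificate request does not match the hostname users connect to, and RemoteCertificateChainErrors is the expected result for a self signed certificate.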
GlobalCapture Batch Portal
If your GlobalSearch installation includes GlobalCapture you may have to also update the URL used by GlobalCapture to communicate with GlobalSearch. In addition to the configuration files above you will also have to update the address in the GlobalCapture interface.
Log in to GlobalCapture as a user with Administrative access.
Navigate to the "Portals" option
Click the ellipsis (vertical three dots)
Select Edit
Update the URL to use the FQDN and https
Save and verify that the connection indicator (Circle with gap at the top) turns green.
Need Help?
You must already have obtained a certificate from your Certificate Issuer. We cannot obtain a certificate for you.
You must install the certificate into IIS yourself. Contact your Certificate Provider for instructions on how to do this.
We can assist you in editing the config files outlined in this article. Please have your fully qualified domain name available.