If you haven’t already enabled SSL, adding it after the install is a bit of a black art. Without going into gory detail, here’s a very simple set of steps to follow:
- On the LSF server, turn off all the Lawson-related services except AD LDS
- Import your new certificate (preferably a wildcard cert) into Windows as a personal cert
- Create a binding within IIS using the imported certificate on port 443
- Load up your favorite LDAP editing tool. We prefer this one.
- Under O=lwsnrmdata -> OU=resources you’ll find all your users and services. You’ll want to edit the following identities (or more if you have other service URLs):
  - BPM
  - IOS
  - IOSAdmin
  - LSAdmin
  - mingle
  - mingle_env
  - SSO
  - SSOP
  - Environment
- For each of the identities above, modify the Service URL and any other attribute that references the http protocol. You’ll also want to change the PROTOASSERT attribute from “Use HTTP only” to “Use HTTPS always”.
- Then change every relevant entry in %LAWDIR%/system/install.cfg that refers to http, protoassert, or the secure ports. They’re relatively easy to find.
- You can now reboot the LSF server and restart your services.
- If you have Landmark installed, then bring up the rich client
- In the GEN productline, navigate to: “Security System management” > Services
- Change every service to HTTPS_ONLY and change the service properties to HTTP Port=-1 and HTTPS Port=443
- Change all the relevant entries in system/install.cfg
- Reboot the Landmark server
- Run all the smoke tests with the updated URLs to verify everything is working
- If you are using inbaskets, you’ll want to import your certificates into WebSphere as well, but that’s a topic for another article
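
To make the install.cfg steps above less of a hunt, here is an added PowerShell example (not part of the original article or of any Lawson tooling) that lists the lines mentioning http, protoassert, or a port so they can be checked after the change. It assumes `LAWDIR` is set on the server and otherwise falls back to a constructed sample whose key names are hypothetical; on a Landmark server, point `$cfg` at that server's system/install.cfg instead.

```powershell
# Added example: report install.cfg lines to revisit after the HTTPS change.
# It matches only the three things the article names: http, protoassert, ports.
function Find-InstallCfgLeftover {
    param([string[]]$Lines)

    $lineNo = 0
    foreach ($line in $Lines) {
        $lineNo++
        $status = $null
        # -match is case-insensitive; the 'port' match is deliberately loose,
        # so expect some over-reporting in the REVIEW rows.
        if     ($line -match 'http://')     { $status = 'FIX' }     # still plain HTTP
        elseif ($line -match 'protoassert') { $status = 'REVIEW' }  # confirm the HTTPS setting
        elseif ($line -match 'port')        { $status = 'REVIEW' }  # confirm the secure port
        if ($status) {
            [pscustomobject]@{ Line = $lineNo; Status = $status; Text = $line.Trim() }
        }
    }
}

# Constructed sample. The key names are hypothetical, not real install.cfg keys.
$sample = @(
    'EXAMPLE_SERVICE_URL=http://lsf.example.com:80/sso',
    'EXAMPLE_ADMIN_URL=https://lsf.example.com/admin',
    'EXAMPLE_PROTOASSERT=example-value',
    'EXAMPLE_HTTPS_PORT=443',
    'EXAMPLE_UNRELATED=abc'
)

# Use the real file when LAWDIR is set and the file exists, else the sample.
$cfg   = if ($env:LAWDIR) { Join-Path $env:LAWDIR 'system\install.cfg' }
$lines = if ($cfg -and (Test-Path -LiteralPath $cfg)) { Get-Content -LiteralPath $cfg } else { $sample }

$findings = @(Find-InstallCfgLeftover -Lines $lines)
$findings | Format-Table -AutoSize
$remaining = @($findings | Where-Object Status -eq 'FIX').Count
"{0} line(s) still reference plain http" -f $remaining
```

Rows marked FIX still contain a plain `http://` URL; REVIEW rows only need their value confirmed.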