HTTPS guide for DW7 upgrades

Jon Neff
Publicado Mon, 12 Dec 2022 16:52:02 GMT por Jon Neff Kelley Imaging Solutions Engineer
Has anyone created a checklist for all the items that need doing for IIS, DW and the network, to prepare HTTPS in DW7?

There are several KBAs with partial needs/requirements but no apparent comprehensive list or guide.

Thanks
Jon Neff
Publicado Tue, 13 Dec 2022 18:26:35 GMT por Jon Neff Kelley Imaging Solutions Engineer
Working with DWSupport we have<br> <br> <span style="font-size:11pt"><span style="font-family:Calibri,sans-serif"><b><span style="border:none windowtext 1.0pt; color:black; padding:0in">HTTPS checklist&nbsp;</span></b></span></span><br> <span style="font-size:11pt"><span style="font-family:Calibri,sans-serif">&nbsp;</span></span><br> <span style="font-size:11pt"><span style="font-family:Calibri,sans-serif"><span style="border:none windowtext 1.0pt; color:black; padding:0in">1.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Certificate on server to configure the Web Components (IIS) to use HTTPS:&nbsp;<b>KBA-35780</b>&nbsp;</span></span></span><br> <span style="font-size:11pt"><span style="font-family:Calibri,sans-serif"><span style="border:none windowtext 1.0pt; color:black; padding:0in">2.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Redirect all HTTP to HTTPS using “URL rewrite”:&nbsp;<b>KBA-35272</b>&nbsp;</span></span></span><br> <span style="font-size:11pt"><span style="font-family:Calibri,sans-serif"><span style="border:none windowtext 1.0pt; color:black; padding:0in">3.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Verify HTTP binding:&nbsp;<b>KBA-36106</b>&nbsp;</span></span></span><br> <span style="font-size:11pt"><span style="font-family:Calibri,sans-serif"><span style="border:none windowtext 1.0pt; color:black; padding:0in">4.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;In general, in IIS Manager:&nbsp;<b>KBA-34790</b>&nbsp;(only the following for DW7; ignore the rest)&nbsp;</span></span></span><br> <span style="font-size:11pt"><span style="font-family:Calibri,sans-serif"><span style="border:none windowtext 1.0pt; color:black; padding:0in">&nbsp; &nbsp; &nbsp; &nbsp;a.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Register the certificate. Server certificates &gt; Import&nbsp;</span></span></span><br> <span style="font-size:11pt"><span style="font-family:Calibri,sans-serif"><span style="border:none windowtext 1.0pt; color:black; padding:0in">&nbsp; &nbsp; &nbsp; &nbsp;b.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Change the binding of the IIS web site to be accessible over HTTPS&nbsp;</span></span></span><br> <span style="font-size:11pt"><span style="font-family:Calibri,sans-serif"><span style="border:none windowtext 1.0pt; color:black; padding:0in">&nbsp; &nbsp; &nbsp; &nbsp;c.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Remove the binding for HTTP (optional see #3, above)&nbsp;</span></span></span><br> <span style="font-size:11pt"><span style="font-family:Calibri,sans-serif"><span style="border:none windowtext 1.0pt; color:black; padding:0in">&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Note: If you use a self-signed certificate, ensure your CA is specified as a "trusted root CA" on all client PCs.<br> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Import the certificate of your root CA in the certificate stores of all computer and user accounts in your<br> &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;domain using GPOs. You will find further information here:&nbsp;</span></span></span> <ol> <li style="list-style-type:none"> <ol> <li style="list-style-type:none"> <ol> <li><span style="font-size:11pt"><span style="color:black"><span style="tab-stops:list 1.5in"><span style="font-family:Calibri,sans-serif"><span style="border:none windowtext 1.0pt; padding:0in">http://woshub.com/how-to-deploy-certificate-by-using-group-policy/&nbsp;</span></span></span></span></span></li> <li><span style="font-size:11pt"><span style="color:black"><span style="tab-stops:list 1.5in"><span style="font-family:Calibri,sans-serif"><span style="border:none windowtext 1.0pt; padding:0in">http://technet.microsoft.com/en-us/library/cc754841.aspx&nbsp;</span></span></span></span></span></li> </ol> </li> </ol> </li> </ol> <span style="font-size:11pt"><span style="font-family:Calibri,sans-serif"><span style="border:none windowtext 1.0pt; color:black; padding:0in">&nbsp; &nbsp; &nbsp; &nbsp;d.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;In DocuWare do the following in Administration:&nbsp;</span></span></span> <ol> <li style="list-style-type:none"> <ol> <li style="list-style-type:none"> <ol> <li><span style="font-size:11pt"><span style="color:black"><span style="tab-stops:list 1.5in"><span style="font-family:Calibri,sans-serif"><span style="border:none windowtext 1.0pt; padding:0in">Change the URL in the Web Connection section HTTP-Root directory</span></span></span></span></span></li> <li><span style="font-size:11pt"><span style="color:black"><span style="tab-stops:list 1.5in"><span style="font-family:Calibri,sans-serif">Do not close the admin tool before verifying that everything works</span></span></span></span></li> </ol> </li> </ol> </li> </ol> <span style="font-size:11pt"><span style="font-family:Calibri,sans-serif"><span style="border:none windowtext 1.0pt; color:black; padding:0in">5.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Configure Fulltext for HTTPS (</span><span style="border:none windowtext 1.0pt; background:white; padding:0in"><span style="color:#172b4d"><span style="letter-spacing:-.05pt">not necessary in a DocuWare On-Premise installation since the server itself can and should be installed on a dedicated machine behind a firewall with access only from the Platform, Background Process Service and WEB Settings</span></span></span><span style="color:black">):&nbsp;<b>KBA-36520</b>&nbsp;</span></span></span><br> &nbsp;
Gilles Sauvagnat
Publicado Wed, 14 Dec 2022 05:58:00 GMT por Gilles Sauvagnat Altexence Président

Thanks for the input

ATTENTION : KBA-35272 is no more valid for 7.4 and above

Regards
Gilles
Altexence CEO

You must be signed in to post in this forum.

Obtenga ayuda

Buscar en Knowledge Base
Pregunte a la Community
Nueva solicitud de soporte