How To Perform A GlobalSearch SSL Switch-over

SSL stand for Secure Sockets Layer. It provides a secure connection between internet browsers and websites, allowing you to transmit private data online. Sites secured with SSL display a padlock in the browsers URL and possibly a green address bar if secured by EV (Extended Validation) Certificate.

Obtaining and Installing Certificates from a Certificate Provider

SSL Certificates can be obtained from many difference sources, one obtained from a valid issuer insures that when a user accesses GlobalSearch, they are not prompted with a warning within their browser.  Different levels of SSL Certificates may offer various level of validation, ex: an Extended Validation certificate shows the address bar as green in some browsers, but the process to obtain an SSL Certificate with that level of validation is much more strenuous, sometimes requiring documentation to be sent in.

Examples of Certificate Provider include:

Generating a Certificate Request (For Certificates from Certificate Providers)

To obtain a SSL Certificate from an issuing company, you must generate a certificate request, the certificate request tells the signing authority information about the machine it's generating the certificate for.  This helps keep the certificate secured to your server.

  1. Go into IIS (inetmgr if launching from Command Prompt or Run)

  2. Select your Server name

  3. Click on "Server Certificates"

  4. Click on "Create Certificate Request"

  5. Complete the Certificate Request by completing the Common Name and other required information and click Next.

  6. Note: The "Common Name" is the URL your users will go to access your application, for example: globalsearch.mycompany.com

  7. For more information on what information is required in these fields, contact your Certificate Provider.

  8. Once all fields are filled in, choose your Crypographic Service Provider and Bitlength and click Next.. 

  9. For the correct bitlength and service provider, refer to your SSL Provider's recommendations.

  10. Select a location to save your certificate request and click finish.

Click to enlarge

Server Certificates in IIS

 

Certificate Request

 

 

 


Adding SSL Certificate (From a Certificate Provider)

In the event the client needs guidance on how to install an SSL Certificate, follow these instructions:

  1. Go into IIS (inetmgr if launching from Command Prompt or Run)

  2. Select your Server name

  3. Click on ‘Server Certificates’

  4. Click "Complete Certificate Request"

  5. Enter the path to the certificate you downloaded from your provider and provide a friendly name for the certificate. 

  6. Select your Certificate Store, in most cases this will be "Personal" and click "OK".

Please note: If you are having trouble installing an SSL Certificate, please consult with your certificate provider or network administrator.

Creating Your Own Certificate (Self Signed)

Adding SSL Certificate (Self Signed)

If you or your client does not want to obtain a certificate from a issuing company, you can create a self signed certificate.  Self Signed Certificates will prompt a warning to the user in most browsers because they're not obtained from a validated issuing authority.  To create a Self Signed Certificate, follow these instructions.

  1. Go into IIS (inetmgr if launching from Command Prompt or Run)

  2. Select your Server name

  3. Click on ‘Server Certificates’

  4. Create a new Self-Signed Certificate and click OK

  5. Set and click OK

  6. Export the Self Signed Certificate (Optional, based on setup)


Adding and Removing Bindings from IIS

After you installed your Certificate, you must adjust your Bindings determine what port(s) users can access the website through. Since SSL/https runs on a different port than http, we're going to have to specify what port we're listening on for the external traffic.

  1. Right-click on your default website, or whichever website GlobalSearch is installed to.

  2. Select ‘Edit bindings’

  3. Click ‘Add’

  4. Select Type: HTTPS, SSL Certificate:, input your hostname; example: globalsearch.mycompany.com and then click OK.

    1. HTTPS uses Port 443 by default.

Note: If is not recommended to remove http bindings from the Square 9 Website/Default website, doing so may impede future upgrades, if you are looking to restrict access to GlobalSearch over HTTP, you can remove change your HTTP binding to the loopback adapter address of 127.0.0.1 or block connections to port 80 on the Windows Firewall




Configuration File Changes - Web.config

After an SSL Certificate is applied there are changes which must be applied to the GlobalSearch server.

Be sure to make a copy of your configuration files before altering them in case you need to revert the changes

Versions 3.3.1.0 - 5.0.0.0

Square9REST web.config

  • Open the Square9Rest web.config, by default this lives on the GlobalSearch Application Server: C:\inetpub\wwwroot\Square9Rest\web.config

  • Uncomment the section below (if you are unable to find these lines, you can do a ctrl+f to find it):

<!--For SSL enable this section.--> <!-- <binding> <security mode="Transport" /> </binding> -->

In versions of GlobalSearch prior to 4.2.0.0, you will also need to uncomment this section:

<!--For SSL enable this section.--> <!-- <security mode="Transport" > <transport clientCredentialType="Windows"/> </security> -->

You will also need to set your clientCredentialType value to InheritFromHost so that it looks like so:

<!--For SSL enable this section.--> <security mode="Transport" > <transport clientCredentialType="InheritFromHost"/> </security>

Change this section of the file to point to the https address.

Address Changes Across All Configuration Files

  1. Change all of the Program Configuration files to use ‘https’ instead of ‘http‘ and change the IP, or server name to the FQDN (Fully Qualified Domain Name. ex Fullyqualified.domain.name.com) This includes switching any references to 'localhost' in the config files to use the FQDN.

Location

GlobalSearch Version

Notes

Location

GlobalSearch Version

Notes

C:\GetSmart

 

 

C:\GetSmart\CaptureDesigner.exe.config

 

 

C:\GetSmart\ImageXChange.exe.config

 

 

C:\GetSmart\Square9.GAUpConverter.exe.config

 

 

C:\GetSmart\Square9.GlobalAction.exe.config

GlobalSearch 5.0.0.111 and below

 

C:\GetSmart\ActionServices\GlobalAction_1\Square9.GlobalAction.exe.config

GlobalSearch 5.0.0.111 and up

Note that you will have to update every engine’s config file if you have multiple

C:\GetSmart\Square9.QBPush.exe.config

GlobalSearch 5.0 and below

 

C:\Program Files\Square 9 Softworks\QuickBill\Square9.QBPush.exe.config

GlobalSearch 6.1 and up

 

C:\GetSmart\Square9.WebActivator.exe.config

 

 

C:\GetSmart\ssCaptureManager.exe.config

 

 

C:\GetSmart\ssContentIndex.exe.config

 

 

C:\Program Files\Square 9 Softworks\Content Search\ssContentIndex.exe.config

GlobalSearch 6.1 and up

 

ssDocWFManager.exe.config

 

 

C:\GetSmart\SSIMPORTERWS.exe.config

GlobalSearch 5.0 and below

 

C:\Program Files\Square 9 Softworks\Importer\SSIMPORTERWS.exe.config

GlobalSearch 6.1 and up

 

C:\GetSmart\SSInterface.exe.config

GlobalSearch 5.0 and below

 

%localappdata%\GlobalSearchDesktopClient\app-6.2.109-Build0

GlobalSearch 6.1 and up

Pick directory with the latest version number

C:\GetSmart\RestProxy.xml

GlobalSearch 5.0 and below

 

C:\GetSmart\SSLicenseClean.exe.config

GlobalSearch 5.0 and below

 

C:\Program Files\Square 9 Softworks\License manager\SSLicenseClean.exe.config

GlobalSearch 6.1 and up

 

C:\GetSmart\SSScan.exe.config

 

 

C:\GetSmart\SSUpGrade.exe.config

 

 

C:\GlobalSearch Client Installation\Common\Square9\GetSmart\

GlobalSearch 5.0 and below

 

CaptureDesigner.exe.config

GlobalSearch 5.0 and below

 

ImageXChange.exe.config

GlobalSearch 5.0 and below

 

Square9.GAUpConverter.exe.config

GlobalSearch 5.0 and below

 

Square9.GlobalAction.exe.config

GlobalSearch 5.0 and below

 

Square9.QBPush.exe.config

GlobalSearch 5.0 and below

 

Square9.WebActivator.exe.config

GlobalSearch 5.0 and below

 

ssCaptureManager.exe.config

GlobalSearch 5.0 and below

 

ssContentIndex.exe.config

GlobalSearch 5.0 and below

 

ssDocWFManager.exe.config

GlobalSearch 5.0 and below

 

SSIMPORTERWS.exe.config

GlobalSearch 5.0 and below

 

SSInterface.exe.config

GlobalSearch 5.0 and below

 

SSLicenseClean.exe.config

GlobalSearch 5.0 and below

 

SSScan.exe.config

GlobalSearch 5.0 and below

 

SSUpGrade.exe.config

GlobalSearch 5.0 and below

 

RestProxy.xml

GlobalSearch 5.0 and below

 

C:\inetpub\wwwroot\GetSmart\Upgrades

GlobalSearch 5.0 and below

 

CaptureDesigner.exe.config

GlobalSearch 5.0 and below

 

ImageXChange.exe.config

GlobalSearch 5.0 and below

 

PayloadManifest.exe.config

GlobalSearch 5.0 and below

 

Square9.QBPush.exe.config

GlobalSearch 5.0 and below

 

ssCaptureManager.exe.config

GlobalSearch 5.0 and below

 

ssDocWFManager.exe.config

GlobalSearch 5.0 and below

 

SSInterface.exe.config

GlobalSearch 5.0 and below

 

SSScan.exe.config

GlobalSearch 5.0 and below

 

RestProxy.xml

GlobalSearch 5.0 and below

 

C:\GetSmart\CaptureServices\GlobalCapture_1\Square9.GlobalCapture.exe.config

GlobalSearch 4.4.1+

The mongodb line does not need to be altered for SSL

C:\inetpub\wwwroot\

 

 

C:\inetpub\wwwroot\GetSmart\web.config

GlobalSearch 5.0 and below

 

C:\inetpub\wwwroot\Square9Rest\web.config

GlobalSearch 5.0 and below

 

C:\inetpub\wwwroot\Square9API\web.config

All versions

Do not update <add key="urn:square9:identitymanager:apiconnector:configuration:baseurl" value="http://localhost:8080/api/" />

C:\inetpub\wwwroot\Square9Web\config.json

 

This is highly dependent on your environment, you may not have to update this file at all.

C:\inetpub\wwwroot\Square9CaptureAPI\web.config

GlobalSearch 4.4.1+

Do not update <add key="urn:square9:identitymanager:apiconnector:configuration:baseurl" value="http://localhost:8080/api/" />

C:\inetpub\wwwroot\Square9Viewer\web.config

All versions

 

C:\inetpub\wwwroot\Square9API\desktop_client\source\SSInterface.exe.config

GlobalSearch 6.1 and up

Note that you will have to run C:\inetpub\wwwroot\Square9API\Desktop_Client\Square9.LanClientBuilder.exe in order to generate the LAN client installer with the updated configuration files.

 

Here is a URL to test your configuration:

If you are prompted to log in after this is done, you have correctly configured your SSL address for external use.


GlobalCapture Batch Portal

If your GlobalSearch installation includes GlobalCapture you may have to also update the URL used by GlobalCapture to communicate with GlobalSearch. In addition to the configuration files above you will also have to update the address in the GlobalCapture interface.

  1. Log in to GlobalCapture as a user with Administrative access.

  2. Navigate to the "Portals" option

  3. Click the ellipsis (vertical three dots) 

  4. Select Edit

  5. Update the URL to use the FQDN and https

  6. Save and verify that the connection indicator (Circle with gap at the top) turns green.

Need Help?

You must already have obtained a certificate from your Certificate Issuer. We cannot obtain a certificate for you.

You must install the certificate into IIS yourself.  Contact your Certificate Provider for instructions on how to do this.

We can assist you in editing the config files outlined in this article. Please have your fully qualified domain name available.



Related articles