HTTPS and SSL

Infor Smart Office uses the Microsoft .Net framework, which requires secure HTTP transactions (web service calls). In order to achieve secure HTTP (HTTPS) transactions, a Secure Sockets Layer (SSL) certificate is required. The SSL certificate is an electronic document that is used to verify server identity and to encrypt communication between server and client.

An SSL certificate must be created for each physical server web server. The SSL certificate can be issued by a third-party vendor, by an internal certificate server, or it can be self signed. A web server that is accessed over HTTPS must always be accessed with the URL for which the SSL is created. For example, if the SSL certificate is created for myserver.mycorp.com, the URL must always be specified with exactly that name. It will not work to only configure URLs in the systems profile with the server name only, even if the DNS will help the clients find the server.

Different SSL certificates can be used.

  • Issued by a third-party vendor. This works over the Internet but costs money and might take several days to obtain.

  • Issued by an in-house certificate authority. This works in an internal network and is free of charge.

  • Self-signed certificate. This type of certificate is not recommended because it is not as secure as certificates issued by a root certificate. The certificate must also be installed on every client machine for Infor Smart Office to start. For more information about how to install a self-signed certificate, see Working with SSL certificates.

For information about how to configure HTTPS in the Grid, see the administration guide for Grid.

Certificate authority

A certificate server is included in Windows Server (Certificate Services). It can be used to create SSL certificates for the Grid. Other certificate authority applications can also be used instead.

The root certificate that is used to issue the SSL certificate from the certificate server must be pushed out to every client. If Certificate Authority Enterprise Edition is used, the root certificate is normally pushed out to the clients automatically. If Certificate Authority Standard Edition or any other certificate authority application is used, the root certificate must be pushed out with the help of Active Directory. For more information about pushing certificates to clients, see Pushing a root certificate to clients with Active Directory.