Obtaining an SSL certificate
requires the .NET Framework. Because the .NET Framework requires secure HTTP transactions, you must obtain a digital certificate, which is an electronic document used to verify server identification and to encrypt communication between server and client. There are three ways to obtain an SHA-2 certificate:
- Purchase one from a Certification Authority (CA)
- Generate one from the internal certificate server (comes with Windows Server)
- Create a self-signed certificate.
After February 14, 2017 Windows only trusts SHA-2 SSL certificates and SHA-1 Code-signing certificates time-stamped before 2016-01-01. For more information, see KB 1856530 for Microsoft Windows certificate cut-off dates.
Note: Observe these guidelines when you determine how
to implement security certificates at your site.
- When you order an SSL certificate, always specify the server name as a fully qualified domain name, for example, server.corp.com. All automated configuration and tooling in Infor Smart Office will assume that your certificate contains the fully qualified server name.
- .NET Framework 4.5 does not allow non-trusted certificates to be accepted by users. Therefore, the application and the HTTP servers must be configured to use SSL.
- An SSL certificate is created for a specific URL and HTTP server. It can not be reused on any other server.
The table shows the advantages and disadvantages of each mode of acquiring a certificate:
| Mode of acquisition | Advantages | Disadvantages |
|---|---|---|
| Issued by a third-party vendor | Applicable to clients from any domain. | Additional expense; delivery time gap. |
| Issued by an in-house certificate authority. | Inexpensive; automatically applies to all clients in the internal network. | Configuration and maintenance of certification server is needed; applies only to domain clients. |
| Self-signed certificate | Inexpensive and easy to use, especially for test environments. | Not recommended because it is not as secure as certificates issued by a root certificate. The certificate must also be installed on every client machine in advance in order for Infor Smart Office to start. |