How to Implement SSL for Lawson Portal

,

image

If you haven’t already done so, implementing SSL after the install is a bit of a black art. Without going into gory detail, here’s a very simple set of steps to follow:

  1. On the LSF server turn off all the services related to lawson aside from ADLDS
  2. Import your new certificate (preferably a wildcard cert) into windows as a personal cert
  3. Create a binding within IIS using the imported certificate on port 443
  4. Load up  your favorite ldap editing tool. We prefer this one.
  5. Under O=lwsnrmdata -> OU=resources you’ll find all your users and services. You’ll want to edit the following identities (or more if you have other service URLs):
    • BPM
    • IOS
    • IOSAdmin
    • LSAdmin
    • mingle
    • mingle_env
    • SSO
    • SSOP
    • Environment
  6. In each of the cases above you’re going to modify the Service URL and any other http protocol. You’ll also want to change the PROTOASSERT attribute from “Use HTTP only” to “Use HTTPS always”.
  7. Then change every relevant entry in %LAWDIR%/system/install.cfg that refers to http, protoassert, or the secure ports. They’re relatively easy to find.
  8. You can now reboot the LSF server and restart your services.
  9. If you have Landmark installed, then bring up the rich client
  10. In the GEN productline, navigate to: “Security System management” > Services
  11. Change every service to HTTPS_ONLY and change the service properties to HTTP Port=-1 and HTTPS Port=443
  12. Change all the relevant entries in system/install.cfg
  13. Reboot the Landmark server
  14. Run all the smoke tests with updated URL to verify everything is working
  15. If you are using inbaskets you’ll want to import your certificates into Websphere as well but that’s a topic for another article