Smart Connector: https end point using https data source with self signed certificate

ChrisLaurentius · ‎2018-06-11

Hi,

Continuation of:

Smart Connector: http end point using https data source with self signed certificate

Just in case customer requires Smart Connector's end point to be in https as well.

I've got the following message when binding the ssl certificate using netsh:

Following Smart Connector installation guide on Configuring HTTPS on SmartConnector Endpoints (page 87/88)

Tried the ID stated in Adam Summers post as well: EWS RESTful EWS Gateway binding with HTTPS

Setup:

Smart Connector version SmartConnector-2.3.117 with ISC.CustomSoapRestProvider.dll

Data source: DCE 750 on https only using self signed certificate.

Steps:

1.Downloaded DCE's self signed certificate from browser

2.Skipped the steps on Bundle the received certificate with the private key; this is a self signed certificate

If this step is needed, how do I get the private key, CSR of self signed certificate from say SBO, PME & DCE?

3.Added DCE.cer to both Local Computer's Personal Certificate

4. Defined https end point in smart connector

5. Ran netsh againts DCE self signed certificate's thumbprint, using both appid 596e502c-7957-4a02-8167-716d19ced67f (per manual), and the one service GUID suggested on the Adam's thread: 0268946a-3985-46f9-a9c2-cd4016ac6ddb. Both showed the same SSL certificate add failed.

sesa178151_brid · ‎2018-06-13

I haven't used this particular extension, but if you want SC to serve https, then you'll need to create a dedicated cert for the server on which SC is running. You can't take the DCE cert or any other cert from another server and install it on the SC server to serve. At a minimum, the server name won't match (unless SC and DCE are on the same server).

As Adam explained, you would install the DCE/SBO/PME cert on the SC server when the cert is self-signed, but this is for SC as a client, not a server. This is only b/c it's self-signed and SC won't trust the cert unless it's in the local store.

Separately, you'll need to generate a cert (presumably self-signed) for the SC server and install that in the cert store per the SC instructions. When generating that cert, you'll also need to provide a private key. So, you'll know what value that is.

Hope this helps.

Brett

See Answer In Context

sesa178151_brid · ‎2018-06-13

I haven't used this particular extension, but if you want SC to serve https, then you'll need to create a dedicated cert for the server on which SC is running. You can't take the DCE cert or any other cert from another server and install it on the SC server to serve. At a minimum, the server name won't match (unless SC and DCE are on the same server).

As Adam explained, you would install the DCE/SBO/PME cert on the SC server when the cert is self-signed, but this is for SC as a client, not a server. This is only b/c it's self-signed and SC won't trust the cert unless it's in the local store.

Separately, you'll need to generate a cert (presumably self-signed) for the SC server and install that in the cert store per the SC instructions. When generating that cert, you'll also need to provide a private key. So, you'll know what value that is.

Hope this helps.

Brett

ChrisLaurentius · ‎2018-06-17

Thanks Brett,

Will try generating self signed certificate for the SC server itself.