How to Set Up TLS For Application Server ~ OnBase 18.0.1.46 SP 1 on Windows 2016 Server

Michael_Snyder
Star Contributor

Hello,

Hope everyone is well in these times.  I have OnBase 18.0.1.46 SP 1 up and running on Windows 2016 Server.  This server effectively is both the Web and Application server in one. 

I am setting up TLS after-the-fact of installing it.  It is working fine with the Web Server component.  

Now, I'd like to set it up for the Application Server component.  I am unable to find any documentation at this time.  I'd simply like to know the different configuration settings and all the touch points to get this working. 

For instance, in Configuration and under "Utils | Application Server | Application Server Configuration" I simply changed my Application Server path from "http://<server name>/AppServer/service.asmx" to "https://<URL DNS Alias>/AppServer/service.asmx" but that results in an error while attempting to open a document in the Thick Client as "System.Net.WebException: The underlying connection was closed. Could not establish trust relationship for the SSL/TLS secure channel.  ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure."

What settings must be made in the web.config file under C:\inetpub\wwwroot\AppServer?  Are there any additional settings under WAMCon (Web Application Console) that I need to focus on/modify?  Are there any changes or areas under IIS Manager for the site/application pool?

I'd appreciate narrowing this down to the requirements for getting this up and working.  

Many thanks and be safe!

Mike

 

7 REPLIES

AdamShaneHyland
Employee

Hey Mike,

My pleasure.  Glad that I can help.

If the Web and Application Servers are on the same machine there is no benefit of requiring HTTPS communication between the two because that simply means more resources needed to decrypt traffic which is never leaving the machine.  However, if you are using that same Application Server for access from the clients (Unity Client, OnBase Thick Client, etc.), then you are likely going to need to require it, else anyone could establish an unencrypted connection via HTTP.  I know that is a wishy-washy answer, but if you need HTTPS for one and not the other, you can always set up a second website on the server: one for the Web Server's Application Server which doesn't require binding on HTTPS and another for the Application Servers used by the clients which does require HTTPS.

Regarding your question about using "obwebapp01.domain.com" instead of "onbasedev.domain.com", that comes down to the certificate in question.  If the certificate is *.domain.com, then it won't matter, but if the certificate is onbasedev.domain.com, then you will not be able to bind to the certificate using HTTPS when attempting to connect with obwebapp01.domain.com.  If it is working fine for the Web Server and the Application Server is on the same machine then it should work fine for the Application Server (which I believe you already alluded to).

For the -APPSRV_URL="" switch, as long as you can navigate to the URL in a browser with any errors, then the URL will work.  It can be a DNS CNAME (alias - i.e. onbasedev.domain.com), HOST A (hostname - i.e. obwebapp01) or FQDN (fully qualified domain name - i.e. obwebapp01.domain.com).  

Take care.
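The certificate-name point in the reply above, as an added example (not part of the original posts and not OnBase or .NET code): it checks which Application Server URLs match a certificate's DNS names, using RFC 6125-style rules. The certificate name lists are constructed from the names in the thread, and the function names are hypothetical. It models name matching only; an untrusted issuing chain produces the same "remote certificate is invalid" error and has to be checked separately.

```python
from urllib.parse import urlsplit


def name_matches(cert_name: str, host: str) -> bool:
    """Return True if one certificate DNS name covers the host name.

    '*' is honoured only as the entire left-most label and stands for
    exactly one label, so '*.domain.com' covers 'a.domain.com' but not
    'a.b.domain.com', 'domain.com' or a bare short name.
    """
    c = cert_name.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(c) != len(h):
        return False
    if c[0] == "*":
        # Conservative choice in this example: require at least two
        # fixed labels after the wildcard (rejects names like '*.com').
        return len(c) >= 3 and c[1:] == h[1:]
    return c == h


def check_appserver_urls(cert_dns_names, urls):
    """Map each URL to True/False: does any certificate name cover its host?"""
    result = {}
    for url in urls:
        host = urlsplit(url).hostname or ""
        result[url] = any(name_matches(n, host) for n in cert_dns_names)
    return result


# Constructed inputs: the three name forms mentioned in the thread
# (DNS alias, short host name, FQDN) on the service path from the question.
PATH = "/AppServer/service.asmx"
URLS = [
    "https://onbasedev.domain.com" + PATH,   # DNS CNAME (alias)
    "https://obwebapp01" + PATH,             # short host name
    "https://obwebapp01.domain.com" + PATH,  # FQDN
]
WILDCARD_CERT = ["*.domain.com"]          # constructed certificate name list
ALIAS_CERT = ["onbasedev.domain.com"]     # constructed certificate name list

if __name__ == "__main__":
    for label, names in (("wildcard", WILDCARD_CERT), ("alias", ALIAS_CERT)):
        for url, ok in check_appserver_urls(names, URLS).items():
            print(f"{label:8} {'match' if ok else 'MISMATCH':8} {url}")
```

Under these rules the short host name matches neither certificate, because a wildcard needs the domain suffix to be present in the URL.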

Michael_Snyder
Star Contributor

Thank you Adam! I have been able to get my environment working.  I really appreciate your thorough explanation and your quick responses.  I can provide you with a review if you'd provide me a link - 10's across the board.  

Take care,

Mike

AdamShaneHyland
Employee

Thanks Mike for the kind words.  It is my pleasure.  Glad that you were able to get it working.  Hopefully these comments will help others as well.

Best wishes and stay healthy.