Skip to main content

Self Signed Certificates - Knowledgebase / Lasernet / Lasernet System Requirements - Formpipe Support Portal

Self Signed Certificates

Authors list


This article explains how to install a Self Signed Certificate in order to trust the website used for accessing the Config server from a local PC.

Meaning that the below "Not secure https" will not be shown:


Lasernet generates a basic self-signed certificate during install, this is only meant for testing to verify connectivity and shouldn't be used long-term. The generated certificate is not designed to be trusted and should be replaced once the installation has been verified.


As the certificates are used for the portal which provides web-based access, the strong recommendation is that the generated certificate is replaced by one created specifically for that server, and ideally signed by a trusted Certificate Authority, this can be a third-party such as DigCert GoDaddy etc. or an internal Certificate Authority dependent on requirements and usage. Ensuring it is signed will mean that users are able to see that the endpoint is a trusted resource.

At the minimum a new self-signed certificate should be generated that is valid for the hostname on which the service is accessed, this can then be manually trusted if required.


You will need your server name in order to create the Certificate. In order to find this, click the Start menu, search "View your PC name" and note the name listed next to PC name.





How do I assign the certificate to the service?

To set the new certificate follow these steps:


1. Find the thumbprint on the certificate (certlm.msc) Note this down or copy it to clipboard as it will be needed later on.

2. In the start menu search for notepad and run it as administrator.



3. In Notepad - Click File > Open

4. Navigate to the Lasernet 10 Config folder and ensure that all files is selected in the dropdown in the bottom right. 

5. Open the ServerSettings file.


 

6. In the ServerSettings file that has just been opened, look for 'Hostname' and then add the thumbprint copied earlier from the certificate.

The LN service will automatically pick up and use the installed certificate as long as the hostname set in the config file matches that of the installed certificate.

The thumbprint field is optional but adds an extra level of guarantee that the correct certificate is used (especially if there are multiple for the same hostname) - this should be the SHA1 or SHA256 certificate thumbprint. To find this, search for and open Manage computer certificates, locate the certificate under Personal -> Certificates and open it. The Thumbprint is under 'Details'.


7. In the Start menu search for 'services.msc'


8. Scroll down to find Lasernet Config 10, right click and click Restart in order to restart the service.



9. In order to save the certificate, open the web browser and navigate to the Lasernet launcher site, click Not secure, and then click Certificate is not valid.



10.Once the certificate has opened, go to details in the top tab and click copy to file.


11. Click Next, Choose the DER encoded binary X.509 and click Next.



12. Navigate to where you would like to save the certificate (ideally somewhere easily accessible for later). Click Next and click Finish.


13. Click OK on both boxes to close them.


Install Certificate

 1. In order to install the certificate, right click on the certificate and choose Install Certificate.

2. Select Local Machine and click Next.

3. Select Place all certificates in the following store, Click Browse and select Trusted Root Certification Authorities.

4. Click OK and Click Next.


5. Click Finish and click OK.


Close and reopen the browser and navigate to the Lasernet Configuration site. The certificate should now be valid.

Helpful Unhelpful

Share