Installation Point and Certificate issue

 5 Replies
 0 Subscribed to this topic
 11 Subscribed to this forum
Sort:
Author
Messages
Roger French
Veteran Member
Posts: 549
Veteran Member
    Trying to install a new installation point on LS0 9.1.3. LifeCycle Manager, Grid, Webservices installed and running. LSO  Server is running too.

    I exported the server info to create the .jadeinstall file

    I have a paid-for certificate that has been inserted into the proper key stores on the server and stored within IIS. It is a p7k and also I have a cer version.

    When I try to create the installation point using SignTool, and link up the certificate to the installation point I am getting the pop up error "Unable to sign installation, Cannot find the original signer" as well as some other crypto string output.

    Has anyone seen this type of message before? If so what did you do? I can't find any
    documentation within Lawson and I am leaning that it is a certificate issue. 
    Thank you in advance,
    Roger
    Eklind
    Veteran Member
    Posts: 38
    Veteran Member
      ClickOnce requires that all certificates in the cerificate chain is put in the trusted root certificate store. If you have bought a certificate which does not have the root certificate as issuer you need to add those certifcate between your certificate and the root certofocate into the trusted root store.

      But what is the reason for using a bought code signinig certificate? If you will expose the installation point over internet it makes sence, but if only using it internally it is probably better to create a self-signed certificate with the Sign Tool.

      /Rickard
       
      Massimo Emilione
      Advanced Member
      Posts: 29
      Advanced Member
        we created our own certificate and we got random errors with the import. I know I imported it into the trusted sites, but it did not work, we eventually let signtool create its own certificate. Everything is on our network internally.
        Eklind
        Veteran Member
        Posts: 38
        Veteran Member
          Massimo, I am not sure I understand what you try to achieve. The signtool can only produce a code signing certificate and have nothing to to with the communication (HTTPS/SSL).
          Have a look at my posts in this thread https://www.lawsonguru.co...afpg/2/Default.aspx, ecpecially the one I posted December 2.
          Massimo Emilione
          Advanced Member
          Posts: 29
          Advanced Member
            Yes, this took a while to work out. There is a lot of signing occurring here.

            You have to sign the install as well as have a working certificate to install into LCM so that users do not have to install the certificate. We are now using a CA certificate that is installed in LCM so that our users no longer have to install the certificate from https://FQDN:19006/LSO
            JimMNH
            Veteran Member
            Posts: 60
            Veteran Member
              Use IE (run as administrator) to browse to the install point on your LSO server.  Once there you should see a broken certificate.  Install that and you should be fine.  Created a KB for our folks here.  You could try following this.

              TO INSTALL AGAINST THE PRD LSO SERVER:

              BEFORE STARTING: Normal LSO install MUST be done under the same account of the person/account that will be using LSO. This may require temporarily adding the user to the machine administrators group to complete the install. Administrator privileges are no longer required after the install has been completed.

              (1) Make sure .NET Framework 4 is installed. The FULL install is required. Available under \\cityfile\Software\DotNet Framework 4 or online at http://www.microsoft.com/...etails.aspx?id=17851

              (2) Make sure the Lawson Grid self-signed certificate is installed on the client’s Trusted Root. To do this start IE as the machine Administrator (right click and select Run As Administrator). Navigate to https://{server}:19006 Click or left click on the certificate error (broken lock) and select "View Certificates". Go to the "Certification Path" tab and select "Lawson Grid" and choose to Install it to a specified location of Trusted Root.

              (3) Once this is done you must restart the browser and point it again to the secure connection at https://{server}:19006 .. at this point the “golden lock” should appear indicating the encryption certificate is now trusted.

              (4) You should now see a link to InstallationPoint/"Install Lawson Smart Office". You will need to install it logged in as the end user having machine administrator account privileges. Once installed you can launch it from the Start menu (Lawson folder), and login using AD credentials.

              (5) Be sure to REMOVE machine administrator privileges from user after install if they did not have this priv before starting this install process.

              BTW .. this dedicated install process isn't required using the URL shortcut I mention in my other post.