I’m looking at REST support in Relativity Server but a few things concern me:
There’s no SSL certificate option as far as I see in Relativity. Would I need to IIS to lock down Relativity, hardcode a server? What are my options? Having login through LDAP, for instance, with no guarantee of a secure connection seems a security hazard.
Basically I need a secure connection and the possibility of logging in and out.
Please note that by default newly created certificate will expire in 2 weeks. If you need something longer you need to run SSL Diagnostics tool from the command line.
Configure the machine to use a Certificate
Now you have to configure the machine to associate the certificate you just created, with the port and Ip address that HttpSysSuperHttpServerChannel is using.
This can be done via httpcfg.exe utility (note 7099 here - this is the port httpSysSuperHttpServerChannel listens):
httpcfg set ssl /i 0.0.0.0:7099 /h 17332d70be26c02944f4b2089d5818a7d61e0c90
This command should complete with message HttpSetServiceConfiguration completed with 0.
Note:
17332d70be26c02944f4b2089d5818a7d61e0c90 here is Thumbprint hash of SSL
certificate created on step 1. You can found this thumbprint via MMC Certificates snap-in. To open it issue MMC in command line, open File -> Add/Remove Snap-in menu item and add Certificates snap-in. It should use Computer account for local computer.
Certificate can be found in Personal / Certificates folder
Double check the SSL bindings for this computer:
Issue
httpcfg query ssl