Installation Point and Certificate issue

ClickOnce requires that all certificates in the cerificate chain is put in the trusted root certificate store. If you have bought a certificate which does not have the root certificate as issuer you need to add those certifcate between your certificate and the root certofocate into the trusted root store.

But what is the reason for using a bought code signinig certificate? If you will expose the installation point over internet it makes sence, but if only using it internally it is probably better to create a self-signed certificate with the Sign Tool.

/Rickard
 

we created our own certificate and we got random errors with the import. I know I imported it into the trusted sites, but it did not work, we eventually let signtool create its own certificate. Everything is on our network internally.

Massimo, I am not sure I understand what you try to achieve. The signtool can only produce a code signing certificate and have nothing to to with the communication (HTTPS/SSL).
Have a look at my posts in this thread https://www.lawsonguru.co...afpg/2/Default.aspx, ecpecially the one I posted December 2.

Yes, this took a while to work out. There is a lot of signing occurring here.

You have to sign the install as well as have a working certificate to install into LCM so that users do not have to install the certificate. We are now using a CA certificate that is installed in LCM so that our users no longer have to install the certificate from https://FQDN:19006/LSO

Use IE (run as administrator) to browse to the install point on your LSO server.  Once there you should see a broken certificate.  Install that and you should be fine.  Created a KB for our folks here.  You could try following this.

TO INSTALL AGAINST THE PRD LSO SERVER:

BEFORE STARTING: Normal LSO install MUST be done under the same account of the person/account that will be using LSO. This may require temporarily adding the user to the machine administrators group to complete the install. Administrator privileges are no longer required after the install has been completed.

(1) Make sure .NET Framework 4 is installed. The FULL install is required. Available under \\cityfile\Software\DotNet Framework 4 or online at http://www.microsoft.com/...etails.aspx?id=17851

(2) Make sure the Lawson Grid self-signed certificate is installed on the client’s Trusted Root. To do this start IE as the machine Administrator (right click and select Run As Administrator). Navigate to https://{server}:19006 Click or left click on the certificate error (broken lock) and select "View Certificates". Go to the "Certification Path" tab and select "Lawson Grid" and choose to Install it to a specified location of Trusted Root.

(3) Once this is done you must restart the browser and point it again to the secure connection at https://{server}:19006 .. at this point the “golden lock” should appear indicating the encryption certificate is now trusted.

(4) You should now see a link to InstallationPoint/"Install Lawson Smart Office". You will need to install it logged in as the end user having machine administrator account privileges. Once installed you can launch it from the Start menu (Lawson folder), and login using AD credentials.

(5) Be sure to REMOVE machine administrator privileges from user after install if they did not have this priv before starting this install process.

BTW .. this dedicated install process isn't required using the URL shortcut I mention in my other post.