To secure communication with Web Port, SSL (Secure Socket Layer) is used. This ensures that all traffic between clients and the server is encrypted. To make this work, an SSL certificate must be installed.
The correct method depends on your specific situation. The table below outlines common scenarios and the recommended approach for each.
Common Scenarios and Recommended Methods
Scenario: | Recommended Method: |
You already have a valid certificate from an external provider (e.g. IT department) | Go to Import an Existing Certificate |
You want to use a trusted certificate issued by a Certificate Authority (CA) but don’t have one yet | Go to Generate a CSR and Submit to a CA |
You want a quick setup and don’t require a trusted certificate | Go to Create a Self-Signed Certificate in Web Port |
You want to require client certificate authentication (Optional) | Go to Enable Client Certificates |
The following information is entered to generate a certificate, or CSR under "System Settings" > "Server" > "SSL Certificate"
Information: | Description: |
Common name (CN) | The IP address or domain name the certificate will be issued to (MANDATORY) |
Organisation | Organisation name, for example, company name |
Department | Any department within the company |
City | City where the company operates |
Region / State | Region in the country where the company operates |
Country | Country where the company where the company operates |
Alternative names | Used if several domain names or IP addresses are to be protected |
Key Type | Number of bit encryption in the key |
Password | Password for the certificate (.p12 file) |
Self-Signed | Marked if a self-signed certificate is to be generated |
CSR-file | Click to download the generated Certificate Signing Request (CSR) file for submission to a Certificate Authority (CA). |
Private Key | Click to download the private key generated during CSR creation. |
Domain Certificate | Field to paste the domain certificate received from the CA. |
CA Intermediate Certificate | Field to paste the intermediate certificate from the CA. |
CA Root Certificate | Field to paste the root certificate from the CA. |
Use Client Certificate | Enable this to require clients to present a certificate when connecting. |
Force Certificate Login | When enabled, only users with valid client certificates can log in. |
Trusted Issuer | Name of the Certificate Authority (CA) that issued client certificates you want to trust. |
Import an Existing Certificate
This is the most common use case: you already have a valid certificate (e.g. provided by your IT team or a third-party CA) and want to use it in Web Port.
Steps:
-
Go to System Settings → Server → SSL Certificate
-
In the field Common Name (CN), enter the exact domain name or IP address that matches the certificate installed in Windows (e.g.
webport.company.com
or192.168.1.100
) -
Make sure the checkbox "Self-Signed" is NOT checked
-
Click Save
-
Stop the Web Port server
-
If the certificate is not yet installed on the server:
-
Double-click the certificate file (
.cer
,.pfx
, or similar) -
Follow the installation wizard
-
Select Local Machine as the target store (not Current User)
-
Ensure the certificate is placed under Trusted Root Certification Authorities
-
-
Start the Web Port server
-
Access Web Port in your browser using
https://
and verify the secure connection -
If needed, check the certificate details in System Settings → Server → SSL Certificate
Tip
In Windows, make sure the certificate is placed under Trusted Root Certification Authorities for it to be accepted without warnings.
Generate a CSR and Submit to a CA
If you need a trusted certificate but don’t have one yet, you can generate a Certificate Signing Request (CSR) directly from Web Port and submit it to your Certificate Authority (CA). Once the CA issues your certificate, you can import the signed certificate files back into Web Port to complete the setup.
Steps:
-
Go to System Settings → Server → SSL Certificate.
-
Fill in the certificate information fields, especially the Common Name (CN) — this must match the IP address or domain name (e.g., 192.168.1.100 or webport.company.com).
Also set a Password — this will later be required when installing the final certificate file (webport.p12
). Other fields are optional. -
Make sure the checkbox "Self-Signed" is NOT checked.
-
Click Save.
-
Click Create CSR to generate the Certificate Signing Request.
-
Wait for the confirmation popup indicating the CSR has been created. The “Pending Certificate” section will then appear in the side menu
- Download and save the CSR file. This is the file you submit to your chosen Certificate Authority (CA).
-
Download and save the Private Key securely — this key is needed to install the certificate later and should be kept private.
-
Submit the CSR file to your chosen Certificate Authority following their instructions.
-
When you receive the signed certificates from the CA, copy and paste their contents into the respective fields in Web Port. See the info box below for details.
-
Domain Certificate
-
CA Intermediate Certificate
-
CA Root Certificate
-
-
Click Save.
-
Click Create Cert to generate the final certificate file (
webport.p12
) for Web Port. - Wait for a popup message indicating that the certificate has been generated – this may take a few minutes
-
Stop the Web Port server.
-
Go to Web Port’s data directory and locate the
webport.p12
file. -
Double-click
webport.p12
and follow the Windows installation instructions:-
Make sure to install the certificate for the Local Machine (not Current User).
-
Enter the password you specified when generating the certificate.
-
-
Make sure the certificate is placed under Trusted Root Certification Authorities in Windows
-
Start the Web Port server.
-
Access Web Port in your browser using
https://
and verify the secure connection -
If needed check the certificate details in System Settings → Server → SSL Certificate.
Info for step 10
When you receive the certificate files from your Certificate Authority (CA), open each file using a text editor such as Notepad or Notepad++. The certificate files are typically in PEM format and contain text blocks starting with
-----BEGIN CERTIFICATE-----
... (certificate data) ...
-----END CERTIFICATE-----
To correctly import the certificates into Web Port:
-
Open each certificate file (Domain Certificate, CA Intermediate Certificate, and CA Root Certificate).
-
Select and copy the entire content, including the lines shown above.
-
Paste the corresponding content into the appropriate fields in Web Port.
It is important to copy the entire block to ensure the certificate is validated and functions correctly.
Tip
In Windows, make sure the certificate is placed under Trusted Root Certification Authorities for it to be accepted without warnings.
Create a Self-Signed Certificate in Web Port
A self-signed certificate is created and signed by the Web Port server itself rather than a trusted Certificate Authority (CA). This means the certificate is not inherently trusted by browsers or external systems, which may result in security warnings unless the certificate is manually installed and trusted on client devices. Use of self-signed certificates is suitable when external trust is not required or when managing trust internally.
Steps:
-
Go to System Settings → Server → SSL Certificate.
-
Fill in the certificate information fields, especially the Common Name (CN) — this must match the IP address or domain name of your Web Port server.
Also set a Password — this will later be required when installing the final certificate file (webport.p12). -
Make sure the checkbox Self-Signed is checked.
-
Click Save.
-
Click Create Cert to generate the self-signed certificate.
-
Wait for a popup message indicating that the certificate has been generated — this may take a few minutes.
-
Stop the Web Port server.
-
Go to Web Port’s data directory and locate the webport.p12 file.
-
Double-click webport.p12 and follow the Windows installation instructions:
-
Make sure to install the certificate for the Local Machine (not Current User).
-
Enter the password you specified when generating the certificate.
-
-
Start the Web Port server.
-
Access Web Port in your browser using
https://
and verify the secure connection -
If needed check the certificate details in System Settings → Server → SSL Certificate.
NOTE!
To avoid browser warnings, the self-signed certificate must be manually imported into the Trusted Root Certification Authorities store on each client machine.
Enable Client Certificates (Optional)
Client certificates add an additional layer of security. With this enabled, only users or devices with a valid client certificate can log in to Web Port.
When should you use client certificates?
-
When dealing with sensitive data
-
When strict access control is required
-
When you already have infrastructure for managing user certificates (e.g. an internal CA)
How to enable:
-
Go to System Settings → Server → SSL Certificate
-
Check Use client certificate
-
(Optional) Check Force certificate login to require client certificates for all logins
-
Specify the Trusted Issuer (CA)
Info
All client devices must have the required certificate installed to connect successfully.
Remove or Disable a Certificate
Remove an active certificate from Web Port
-
Go to System Settings → Server → SSL Certificate
-
Click Remove Cert
-
Restart Web Port Server
Remove from Windows
-
Open the Certificate Manager (
certmgr.msc
) -
Search for certificates named "WebPort"
-
Right-click and delete them
Temporarily disable SSL
-
Rename the file
webport.p12
(e.g.webport.p12.bak
) -
Restart Web Port Server
-
Access Web Port using
http://
instead ofhttps://
Tip
Rename the file back to webport.p12
to re-enable SSL and restart the server.
Info
If you only remove the certificate in Web Port, the system will stop using it for HTTPS connections, but the certificate will still remain installed in Windows. This means the certificate is still available on the machine and can be reactivated later if needed.
If you want to completely remove the certificate, you must also delete it from Windows using the Certificate Manager.
In some cases, you may need admin rights to remove certificates from Windows.
If you only remove the certificate from Windows, but it’s still active in Web Port (e.g. via webport.p12
), Web Port may continue to serve it. However, clients might start seeing trust warnings since the certificate is no longer considered valid by the system.
Troubleshooting & Common Issues
Issue: | Possible Cause: | Fix: |
Web Port doesn’t start | Wrong port configured | Open webport.conf and set "ServerPort" to 443
|
Browser warns about security | Self-signed certificate not trusted | Install certificate as trusted on the client device |
Login is denied | Missing or invalid client certificate | Ensure valid certificate and correct CA are used |
Wrong certificate scope | Installed for wrong user | Reinstall for Local Machine, not Current User |
Change SSL Port in Configuration
If Web Port fails to start after configuring SSL, the port may be incorrectly set.
-
Open the file:
C:\ProgramData\WebPort\webport.conf
-
Edit using a text editor
-
Make sure this section is correctly configured:
"default": {
"ServerPort": 443
}
-
Save and restart Web Port