To encrypt the connection to the Web Port server, Secure Socket Layer (SSL) is used. In order for this to work, a certificate must be issued. This can be done from SYSTEM SETTINGS/SERVER/SSL Certificates.
There are two types of certificates, self-signed and signed by a trusted third party. When signed certificates are used, this is indicated by a green-marked address field in most browsers. Self-signed certificates generate a warning in most browsers unless their own computer can verify the certificate. This can be done by installing the self-signed certificate in advance on all computers that will connect to the Web Port server.
The following information is entered to generate a certificate, or CSR.
Information: | Description: |
Common name (CN) | The IP address or domain name the certificate will be issued to (MANDATORY) |
Organisation | Organisation name, for example, company name |
Department | Any department within the company |
City | City where the company where the company operates |
Region / State | Region in the country where the company operates |
Country | Country where the company where the company operates |
Alternative names | Used if several domain names or IP addresses are to be protected |
Key Type | Number of bit encryption in the key |
Password | Password for the certificate |
Self-Signed | Marked if a self-signed certificate is to be generated |
Information:
Status provides information about the current status of the certificate.
Client Certificate
Setting: | Description: |
Use client certificate | (checkbox) Check if clien should provide a certificate |
Force certificate login | (checkbox) Check if you only allow login by a valid certificate |
Trusted issuer | Trusted issuer of client certificates |
Self-Signed Certificates
Self-signed certificates can be issued directly by the Web Port server. This is done by following the instructions below:
- Fill in the information described in table above
- Select the Self-Sign box.
- Press the SAVE button
- Press the CREATE CERT button (to the right of SAVE)
- Wait for a popup box to appear where it is stated that the certificate has been generated. This may take a few minutes.
- Stop the Web Port server
- Go to the Web Port data directory.
- Double-click the webport.p12 file and install the certificate on local computer. Follow the instructions in Windows. Make sure to select local computer and NOT current user. The password requested is the one specified when generating the certificate.
- Remove or save the webport.p12 file.
- Start up the Web Port server.
- Update the address bar in the browser to https and reconnect to Web Port.
To see information about the current certificate, go to SYSTEM SETTINGS/SERVER/SSL Certificates
Information:
To avoid warnings on clients connecting to the Web Port server, webport.p12 can be installed on all clients who will have access to Web Port. To do this, copy the file to the client and perform step 8 above.
Signed Certificates
Signed certificates are issued by a trusted 3rd party. There are several services that can do this. The easiest way is to search online for SSL certificates. When a certificate is to be ordered, something called Certificate Signing Request (CSR) is required, which is created directly in Web Port. To generate a CSR follow the steps below:
- Fill in the information described in table above
- Make sure the ‘Don’t self-sign’ box is selected
- Press the SAVE button
- Press the CREATE CSR button
- Wait for a popup box to indicate that CSR has been created
- Download and save Private Key in a safe place
- Follow the instructions of the issuer of the certificate and attach the CSR file
- Enter the certificate information obtained from the issuer in the three boxes:
Domain Certificate, CA Intermediate Certificate and CA Root Certificate. - Press the SAVE button
- Press the CREATE CERT button
- Wait for a popup box to appear where it states that the certificate has been generated. This may take a few minutes.
- Stop Web Port server
- Go to the Web Port data directory.
- Double-click the webport.p12 file and install the certificate on local computer.
Follow the instructions in Windows.
Make sure to select local computer and NOT current user.
The password requested is the one specified when generating the certificate.
Ensure that Domain Certificates are read in Trusted Publishers. - Remove or save the webport.p12 file.
- Start up the Web Port server.
- Update the address bar in the browser to https and reconnect to Web Port.
- Check the certificate information in SYSTEM SETTINGS/SERVER/SSL Certificates
Information:
If a certificate is used which has not been generated by Web Port, the following steps are sufficient.
1. Configure Common Name (CN) in the certificate settings of Web Port
2. Install the certificate on local computer if not already done.
Follow the instructions in Windows. NOTE that local computer should be selected, NOT current user
3. Restart Web Port
4. Update the URL in the web browser to https and reconnect to Web Port.
5. Check the certificate information System settings/Server/SSL Certificates
Removing certificates
To delete an active certificate go to SYSTEM SETTINGS/SERVER/SSL Certificates. Then click on the REMOVE CERT button and then restart Web Port.
Information:
To remove the certificate from Windows, open Certificate Manager (click Windows Start, and then type certmgr.msc and ENTER). Search and delete all Certificates called something more than WebPort.
Information:
If certificates not generated by Web Port are used, fill in information about the certificate in Web Port and save. Then follow steps 12-17 above.
Tip!
You can also temporarily disable the certificate by renaming the webport.p12 file and then restarting the Web Port server.
Remember to change to http instead of https when this is done.
To reactivate the certificate, just rename the file again so that it is named webport.p12 and then restart the Web Port server.