Hello to everyone, I hope everyone is safe and healthy.
I would like to know if it is possible to use https in a process dashboard enterprise server configuration, and if there are any instructions or tips to consider when trying such a configuration.
Thank you in advance for any feedback.
Best regards,
Haydee
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Yes, absolutely - HTTPS is strongly recommended for the Enterprise Server.
When using HTTPS, the SSL certificate you use must trace back to a known Certificate Authority in the industry (for example, Verisign, Thawte, Equifax, GeoTrust, LetsEncrypt, etc). Self-signed certificates (the kind that generate security warnings in a web browser) are not supported. Certificates that have been signed by your company's internal certificate authority are also not supported.
The reason for this is that Enterprise Server connections are initiated from your browser and from the Process Dashboard client. The dashboard client is running in a Java process, and Java ships with a built-in list of trusted industry certificate authorities. Even if you tell your browser to trust a self-signed certificate, you haven't changed the list of certificates that Java trusts. Changing Java's list is more difficult, and has to be done on each workstation separately. It's much easier just to use a real SSL certificate.
The process for installing an SSL certificate depends on the web server you are using. For example, many Enterprise Server installations run in Apache Tomcat. You can consult the documentation for your server to see how SSL certificates should be installed.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Yes, absolutely - HTTPS is strongly recommended for the Enterprise Server.
When using HTTPS, the SSL certificate you use must trace back to a known
Certificate Authority in the industry (for example, Verisign, Thawte,
Equifax, GeoTrust, LetsEncrypt, etc). Self-signed certificates (the kind
that generate security warnings in a web browser) are not supported.
Certificates that have been signed by your company's internal certificate
authority are also not supported.
The reason for this is that Enterprise Server connections are initiated
from your browser and from the Process Dashboard client. The dashboard
client is running in a Java process, and Java ships with a built-in list of
trusted industry certificate authorities. Even if you tell your browser to
trust a self-signed certificate, you haven't changed the list of
certificates that Java trusts. Changing Java's list is more difficult, and
has to be done on each workstation separately. It's much easier just to use
a real SSL certificate.
The process for installing an SSL certificate depends on the web server
you are using. For example, many Enterprise Server installations run in
Apache Tomcat. You can consult the documentation for your server to see how
SSL certificates should be installed.
Hello to everyone, I hope everyone is safe and healthy.
I would like to know if it is possible to use https in a process dashboard enterprise server configuration, and if there are any instructions or tips to consider when trying such a configuration.
Thank you in advance for any feedback.
Best regards,
Haydee
Yes, absolutely - HTTPS is strongly recommended for the Enterprise Server.
When using HTTPS, the SSL certificate you use must trace back to a known Certificate Authority in the industry (for example, Verisign, Thawte, Equifax, GeoTrust, LetsEncrypt, etc). Self-signed certificates (the kind that generate security warnings in a web browser) are not supported. Certificates that have been signed by your company's internal certificate authority are also not supported.
The reason for this is that Enterprise Server connections are initiated from your browser and from the Process Dashboard client. The dashboard client is running in a Java process, and Java ships with a built-in list of trusted industry certificate authorities. Even if you tell your browser to trust a self-signed certificate, you haven't changed the list of certificates that Java trusts. Changing Java's list is more difficult, and has to be done on each workstation separately. It's much easier just to use a real SSL certificate.
The process for installing an SSL certificate depends on the web server you are using. For example, many Enterprise Server installations run in Apache Tomcat. You can consult the documentation for your server to see how SSL certificates should be installed.
Hello David,
I am very glad to hear from you. Thank you very much for your kind
response.
Please stay safe and take care.
Best wishes
Haydee
On Tue, Sep 22, 2020 at 10:06 AM David Tuma tuma@users.sourceforge.net
wrote: