Activate HTTPS on the Web Portal Server
To protect the transported information from eavesdropping, you can encrypt the communications by activating HTTPS on the Web Portal Server.
If you secure the Web Portal connections using HTTPS, the Web Portal Server requires a certificate. You can either self-sign the certificate directly in the dialog box or use an externally signed certificate:
- If you self-sign the certificate directly, web browsers display a warning to the users and require them to accept the certificate. The certificate is valid for one year. Renewing is done by recreating the certificate in the same way as a new certificate is created.
- Alternatively, you can sign the certificate using an external certificate authority that the clients already trust. An example would be one of the large commercial certificate authorities or a company-internal certificate authority that all clients are configured to trust.
Certificates have a fixed validity time (from a certain date and time to a certain date and time). Make sure that the date, time, and time zone settings are correct on both the Management Server and the Web Portal Server computers. Clients also check the certificate validity, but incorrect time settings on the client computers typically do not prevent the Web Portal from being used. Instead, browsers typically display a warning that users can dismiss.
For more details about the product and how to configure features, click Help or press F1.
Steps
- Select Home.
- Browse to .
- Right-click the Web Portal Server, then sleect Properties.
- On the Web Portal tab click Select next to the Server Certificate field.
- Select a TLS Credentials element.
- Click OK.
Web Portal Server Properties dialog box
Use this dialog box to define Web Portal Server properties.
Option | Definition |
---|---|
General tab | |
Name | The name of the element. |
IPv4 Address | Specifies the IPv4 address of the server. The server can have both an IPv4 and an IPv6 address. |
IPv6 Address | Specifies the IPv6 address of the server. The server can have both an IPv4 and an IPv6 address. |
Resolve | Automatically resolves the IP address of the server. |
Location | Specifies the location for the server if there is a NAT device between the server and other SMC components. |
Log Server | Specifies the Log Server to which the server sends its logs. |
Category (Optional) |
Includes the element in predefined categories. Click Select to select a category. |
Tools Profile | Adds commands to the right-click menu for the element. Click Select to select an element. |
Comment (Optional) |
A comment for your own reference. |
Option | Definition |
---|---|
Web Portal tab | |
Enable | Enables the feature. |
Host Name
(Optional) |
Enter the host name that the service uses. Leave the field blank to allow requests to any of the server’s host names. |
Port Number (Optional) |
Enter the TCP port number that the service listens to. By default, the standard HTTP port 80 is used on Windows and 8080 on Linux (which does not allow the use of reserved ports for this type of service). Note: Make sure that the listening port is not in use on the server.
|
Listen Only on Address
(Optional) |
If the server has several addresses and you want to restrict access to one address, specify the IP address to use. |
Server Credentials | You must select the TLS Credentials element that is used for HTTPS connections. Click Select to select an element. |
Generate Server Logs
(Optional) |
Select if you want to log all file load events for further analysis with external web statistics software. |
Use SSL for session ID
(Optional) |
Track sessions in your web application. Do not select this option if your network requires you to use cookies or URIs for session tracking. |
Option | Definition |
---|---|
SMC Web Access tab | |
Enable | Enables the feature. |
Host Name
(Optional) |
Enter the host name that the service uses. Leave the field blank to allow requests to any of the server’s host names. |
Port Number |
Enter the TCP port number that the service listens to. By default, port 8085 is used when SMC Web Access is enabled on the Management Server and port 8083 when enabled on the Web Portal Server. Note: Make sure that the listening port is not in use on the server.
|
Listen Only on Address
(Optional) |
If the server has several addresses and you want to restrict access to one address, specify the IP address to use. |
Session Timeout | Enter the timeout in seconds after which the session expires. While the session is still active, the administrator does not need to log on again if they close the web browser. |
Server Credentials | You must select the TLS Credentials element that is used for HTTPS connections. Click Select to select an element. |
Use SSL for session ID
(Optional) |
Track sessions in your web application. Do not select this option if your network requires you to use cookies or URIs for session tracking. |
Path to xvfb-run Installation | If the server is installed on a Linux platform, enter the path to the installation of xvfb-run. |
Option | Definition |
---|---|
Announcement tab | |
Display announcement to Web Portal Users | Enables you to display announcements to the administrators who log on to the Web Portal. Enter the announcement in the field. The length is limited to 160 characters. You can add formatting to the announcement with standard HTML tags (which are also included in the character count). |
Option | Definition |
---|---|
NAT tab | |
Firewall | Shows the selected firewall. |
NAT Type | Shows the NAT translation type: Static or Dynamic. |
Private IP Address | Shows the Private IP Address. |
Public IP Address | Shows the defined Public IP Address. |
Port Filter | Shows the selected Port Filters. |
Comment | An optional comment for your own reference. |
Add NAT Definition | Opens the NAT Definition Properties dialog box. |
Edit NAT Definition | Opens the NAT Definition Properties dialog box for the selected definition. |
Remove NAT Definition | Removes the selected NAT definition from the list. |