HTTPS stands for HyperText Transfer Protocol over SSL (Secure Socket Layer). This TCP/IP protocol is used to transfer and display data securely by adding an encryption layer to protect the integrity and privacy of data traffic. Certificates issued by trusted authorities are used for sender/recipient authentication.
Note: In order to configure HTTPS, you need ADMINISTRATOR rights.
Note that SecureSync supports two different modes of HTTPS operation: The Standard HTTPS Level (default), and a High-Security Level. For more information, see HTTPS Security Levels.
Accessing the HTTPS Setup Window
- Navigate to MANAGEMENT > NETWORK: HTTPS Setup (or, navigate to MANAGEMENT > Network Setup, and click HTTPS in the Actions panel on the left):
The HTTPS Setup window has five tabs:
- Create Certificate Request: This menu utilizes the OpenSSL library to generate certificate Requests and self-signed certificates.
- Subject Alternative Name Extension: This menu is used to add alternative names to an X.509 extension of a Certificate Request.
- Certificate Request: A holder for the certificate request generated under the Create Certificate Request tab. Copy and paste this Certificate text in order to send it to your Certificate Authority.
- Upload X.509 PEM Certificate: Use the window under this tab to paste your X.509 certificate text and upload it to SecureSync.
- Upload Certificate File: Use this tab to upload your certificate file returned by the Certificate Authority. For more information on format types, see Supported Certificate Formats.
Exit the HTTPS Setup window by clicking the X icon in the top right window corner, or by clicking anywhere outside the window.
Should you exit the HTTPS Setup window while filling out the certificate request parameters form before clicking the Submit button, any information you entered will be lost. Exiting the HTTPS Setup window will not lose and Subject Alternative Names that have been entered. When switching between tabs within the HTTPS Setup window, the information you have entered will be retained.
HTTPS provides secure/encrypted, web-based management and configuration of SecureSync from a PC. In order to establish a secure HTTPS connection, an SSL certificate must be stored inside the SecureSync unit.
SecureSync uses the OpenSSL library to create certificate requests and self-signed certificates. The OpenSSL library provides the encryption algorithms used for secure HTTP (HTTPS). The OpenSSL package also provides tools and software for creating X.509 Certificate Requests, Self Signed Certificates and Private/Public Keys. For more information on OpenSSL, please see www.openssl.org.
Once you created a certificate request, submit the request to an external Certificate Authority (CA) for the creation of a third party verifiable certificate. (It is also possible to use an internal corporate Certificate Authority.)
If a Certificate Authority is not available, or while you are waiting for the certificate to be issued, you can use the default Spectracom self-signed SSL certificate that comes with the unit until it expires, or use your own self-signed certificate. The typical life span of a certificate (i.e., during which HTTPS is available for use) is about 10 years.
Note: If deleted, the HTTPS certificate cannot be restored. A new certificate will need to be generated.
Note: In a Chrome web browser, if a valid certificate is deleted or changed such that it becomes invalid, it is necessary to navigate to Chrome's Settings> More Tools> Clear browsing data> Advanced and clear the Cached images and files in the history. Otherwise Chrome's security warnings may make some data unavailable in the Web UI.
Note: If the IP Address or Common Name (Host Name) is changed, you need to regenerate the certificate, or you will receive security warnings from your web browser each time you log in.