HTTPS Protocol Configuration for Web Interface
Using HTTPS Access instead of HTTP
By default, the program's built-in web interface operates over the non-secure HTTP protocol. This means that the transferred data can be easily captured and viewed. This data includes the IP and MAC addresses of your monitored devices, names and locations of your switches, the program's event log, parameters of your checks, etc. If you access the web UI over your private local network where all users have access to this data, you do not have to worry about this.
However, if you want to access the web interface using public networks (Internet), you will definitely need to use the secure HTTPS protocol for accessing the information using your web browser (or use VPN).
The HTTPS protocol uses the data encryption for the transferred data. The encryption uses a key and the certificate provided for the web server's domain name by a certificate provider. The certificate has a digital signature protecting it from falsification.
Installing Signed Certificate
If you have a signed SSL certificate for your domain, you can use it with the program's web UI. Perform the following steps:
- Your certificate provider should provide two files to you: 1) the signed certificate file (.crt) and the key file (.key). Copy these files to the c:\Program Files (x86)\10-Strike LANState Pro\Certificate\ folder
- Rename the files to lanstate.crt and lanstate.key accordingly. The lanstate.crt file should be in the PEM format. I.e. it should look like this (if you open it in a text editor):
-----BEGIN CERTIFICATE-----
MIIDzDCCArQCCQCXtcBm22AETzANBgkqhkiG9w0BAQQFADCBpzEbMBkGA1UEChMS
MTAtU3RyaWtlIFNvZnR3YXJlMSQwIgYJKoZIhvcNAQkBFhVzdXBwb3J0QDEwLXN0
...
xEDGxy6A+grWMG7p8Ct/KIIz0dUeoJRw8kQvV/eZsOIBiWfVo8OsEdBgShobZupG
560vPhTn6pode036YdDHMQ==
-----END CERTIFICATE----- - Open the program settings and find the "Web" section. Enable the "Use secure protocol HTTPS" setting. Restart the web server (use the Stop-Start buttons for this). Click OK to save the new settings.
- Click the "Web interface" button on the program's toolbar.
Now you are working with the program's web UI through the secure connection. You should see the lock icon on the address panel and the address should start from "https://...".
Working with Web Interface Using Our Self-Signed Demo Certificate
The program contains a test SSL certificate for testing the HTTPS function. The provided certificate is self-signed (i.e. it is signed by us, not by an official certificate provider). This demo certificate was generated by the open-source openssl.exe tool.
This certificate is suitable for the demonstration needs (so you can try the HTTPS feature without buying any certificates) and it should not be used in non-secure networks because it is not safe. However, if you do not have your own certificate for your domain name and company, you can use this certificate in your local network. You will also need to add this certificate to your browser's list of exceptions to avoid errors and blocking.
How to do this? When you are trying to access the web UI's URL, the browser will display a warning about the connection security. Perform the following steps to avoid getting these warnings in future (on Mozilla Firefox example):
- Click Advanced.
- Click Add Exception...
- On the displayed window, click Confirm Security Exception.
After that, your browser will continue loading the web UI and you will be able to work with it over HTTPS in the way like you have a normal paid SSL certificate installed. The web browser will continue consider the connection as not secure because it cannot check the certificate's validity.
Warning! Please do not use the demo certificate (or other self-signed certificates) for accessing the program's web interface over public networks (through the Internet). This is not safe!