Securing Connect Server


Introduction

Installations of Connect Server use the web server already present on your system (IIS on Windows, Apache on Linux and Mac OS X) in order to serve the Connect Server web interface. To protect sensitive information regarding your users or transfers, it is recommended that you configure your web server to encrypt all communication by enabling HTTPS and forcing SSL (Secure Sockets Layer) to be used for all connections to your Connect Server web interface.

Use the following instructions to secure your server on Windows, Linux and Mac OS X.

Environment

  • Product: Connect Server
  • Operating System: Windows, Linux, Mac OS X

 

Before you start

You must have a signed certificate for your server in order to use SSL connections. The certificate can either be signed by a Certificate Authority or self-signed. On Windows, you must also have this certificate installed in IIS. For more information on obtaining a certificate, see the following articles:

Note that a self-signed certificate will cause a warning message to be displayed to users before visiting your Connect Server website. In order to prevent these warnings, you will need to have a certificate signed by a Certificate Authority.

 

Instructions

Windows

1. Click the Start button and type iis into the search bar. Select Internet Information Services (IIS) Manager to launch the program.
2. On the Connections panel to the left, expand the Sites folder and select the website you installed Connect Server on (most likely, Default Web Site).
3. On the Actions panel to the right, click on Bindings. In the window that opens, click Add.
4. Select an https binding from the drop down. Choose the signed certificate you installed into IIS under SSL certificate. Click OK.
5. In the middle panel with the icons, select SSL Settings in the IIS section.
6. Select the check box Require SSL.
7. You have now enabled HTTPS and forced SSL for all connections on your Connect Server.

Linux

1. Make sure your Apache installation supports SSL. 

On CentOS, check the /etc/httpd/modules directory for the mod_ssl.so module. If not present, run the following command:

yum install mod_ssl openssl

 

On Debian, run the following commands to enable SSL support:

sudo a2ensite default-ssl
sudo a2enmod ssl

 

2. Find your Apache configuration file, which depending on your Linux system may be found in the following locations:

  • CentOS: /etc/httpd/conf/httpd.conf
  • Debian: /etc/apache2/apache2.conf

Make a backup of this file, such as with the following command for httpd.conf:

cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.bak

 

3. Add the following section to the end of the configuration file:

# Redirect any plain-HTTP request to the same host and path over HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]


Save the changes to your configuration file and close it.

4. Locate and open the SSL configuration file, which may be found at the following:

  • CentOS: /etc/httpd/conf.d/ssl.conf
  • Debian: /etc/apache2/sites-enabled/default-ssl

CentOS

Ensure the following lines are present and uncommented:

Listen 443
SSLEngine on


Find the SSLCertificateFile setting and update the value to the path to the signed certificate of your server. Likewise, update the SSLCertificateKeyFile setting to the path to the key used for your certificate signing request for your server.

SSLCertificateFile     /path/to/my_cert_name.crt
SSLCertificateKeyFile  /path/to/my_key_name.key

 

Debian

Find the <VirtualHost *:443> section and make sure the following lines are present. Update the SSLCertificateFile setting to the path to the signed certificate of your server. Likewise, update the SSLCertificateKeyFile setting to the path to the key used for your certificate signing request for your server.

SSLEngine on
SSLCertificateFile     /path/to/my_cert_name.crt
SSLCertificateKeyFile  /path/to/my_key_name.key

 

5. Restart Apache.

CentOS:

/etc/init.d/httpd restart


Debian:

/etc/init.d/apache2 restart



6. You have now enabled HTTPS and forced SSL for all connections on your Connect Server.
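
To confirm the Linux steps took effect before relying on the redirect, the following added example (not part of the original article) checks that the directives from steps 3 and 4 are present and uncommented in the files you edited, and that the /path/to/ placeholders were replaced. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that the Apache directives from the Linux steps are active.

# Print the given config files with comment lines removed, so a directive
# that is still commented out does not count as present.
active_lines() {
    cat "$@" | grep -Ev '^[[:space:]]*#'
}

# require REGEX LABEL FILE...: report LABEL when no active line matches REGEX.
require() {
    regex=$1; label=$2; shift 2
    active_lines "$@" | grep -Eiq "^[[:space:]]*$regex" && return 0
    echo "MISSING: $label"
    return 1
}

# audit_https_config FILE...: returns 0 only when every setting is active.
audit_https_config() {
    rc=0
    require 'RewriteEngine[[:space:]]+on' 'RewriteEngine On' "$@" || rc=1
    require 'RewriteCond[[:space:]]+%\{HTTPS\}[[:space:]]+off' 'RewriteCond %{HTTPS} off' "$@" || rc=1
    require 'RewriteRule[[:space:]].*https://' 'RewriteRule to https://' "$@" || rc=1
    require 'SSLEngine[[:space:]]+on' 'SSLEngine on' "$@" || rc=1
    require 'SSLCertificateFile[[:space:]]+[^[:space:]]' 'SSLCertificateFile' "$@" || rc=1
    require 'SSLCertificateKeyFile[[:space:]]+[^[:space:]]' 'SSLCertificateKeyFile' "$@" || rc=1
    # The article's /path/to/... values are placeholders and must be replaced.
    if active_lines "$@" | grep -Eiq 'SSLCertificate(Key)?File[[:space:]]+/path/to/'; then
        echo "PLACEHOLDER: certificate or key path still starts with /path/to/"
        rc=1
    fi
    return "$rc"
}

# Constructed sample: SSLEngine still commented out, key path left unchanged.
sample=$(mktemp)
cat > "$sample" <<'EOF'
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
#SSLEngine on
SSLCertificateFile     /etc/pki/tls/certs/connect.example.crt
SSLCertificateKeyFile  /path/to/my_key_name.key
EOF
audit_https_config "$sample" || echo "Configuration needs attention"
rm -f "$sample"
```

Pass both the main configuration file and the SSL configuration file as arguments, since the redirect and the certificate settings live in different files.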

Mac OS X

1. Find your Apache configuration file, which is found in the following location:

  • /etc/apache2/

Open the configuration file in a text editor.

2. Look for the following lines and make sure they are uncommented:

LoadModule ssl_module libexec/apache2/mod_ssl.so
Include /private/etc/apache2/extra/httpd-ssl.conf

 

Save any changes to your configuration file and close it.

3. Locate and open the httpd-ssl.conf file, which can be found at the following:

  • /private/etc/apache2/extra/httpd-ssl.conf


Find the SSLCertificateFile setting and update the value to the path of the signed certificate for your server. Likewise, update the SSLCertificateKeyFile setting to the path of the key used for your certificate signing request for your server.

SSLCertificateFile     /path/to/my_cert_name.crt
SSLCertificateKeyFile  /path/to/my_key_name.key

 

4. Restart Apache.

On Mac OS X 10.8+, simply use the following command:

sudo apachectl restart

 

On Mac OS X 10.6-10.7, go to your System Preferences. Click on the Sharing button and then locate the Web Sharing check box. Uncheck the box and check it again to restart Apache.

5. You have now enabled HTTPS and forced SSL for all connections on your Connect Server.
