Use the options on the Security Services Configuration page to set or change general configuration options and to install a server site certificate for SSL security.
Secure Port: Enter the port number on which security services listens. All HTTPS requests to Management & Control Services (MCS) go through this port. This value is initially set during installation. The default value is 8443.
|If you created your own HTML files for accessing MCS, you must change the port value in those files to match the port setting in MCS.
If you previously configured clients to use SSL via MCS, and you change the secure port, you must resave the client configurations in order for the clients to use the new port.
Use TLS Only: Select this option to force TLS to be used with browsers. This option is not enabled by default, allowing MCS to negotiate SSL or TLS with browsers. If you select this option, the browser must be able to accept TLS in order for a connection to be established.
Force 128-bit Encryption: Select this option to allow connections to 128-bit browsers only. This option is not enabled by default, allowing secure connections to both 56-bit and 128-bit browsers. If you select this option, the browser must support 128-bit encryption in order for a connection to be established.
Enable Debug Tracing: Select this option to log all data entering and leaving security services. You should select this option only for troubleshooting purposes; otherwise, tracing may consume unnecessary network resources.
Errors are always logged, regardless of your selection for this option. To view security events, under Services, choose Events | View Events.
Secure the Integrity of Critical MCS Files: Select this option only after you have configured your MCS environment to suit your needs. When this option is selected, critical MCS files are hashed and you can no longer modify them outside of the MCS user interface. Selecting this option is necessary only in environments where local access to the MCS server is not secure.
If you need to edit a file after you have selected this option, to avoid any problems, you should clear the option, make the change, and then reselect the option.
|If any of these files are modified outside the user interface, you'll need to restore backup versions of the files that are exactly the same as they were before editing, or MCS may not function correctly.|
The following files are affected:
|In this location||These files|
|/mcs/WEB-INF/data/auth||All the _auth.properties files|
Site Certificate: Displays the name of your server site certificate. Until you obtain and install a certificate issued by a certificate authority, you can use the demonstration certificate included with MCS to test SSL connections; however, the demonstration certificate has an abbreviated validation period and should not be used in a production environment. For more information about the demonstration certificate, see Overview of Certificates.
Install: Navigate to and install the certificate that you obtained from a certificate authority. This installs the server certificate and your private key.
MCS can use certificates and keys in either .der or .pem format. A .der format file contains binary data. A .pem format file (privacy-enhanced mail) is in ASCII. The file extension must match the contents of the file.
Trusted Certificate Authorities: Displays a list of trusted certificate authorities contained in your CA certificate file.
Add: Display a dialog box from which you can install the CA certificate for your server site certificate.
Remove: Remove the selected certificate authority from the list.
Save: Save your changes.
|Overview of Security Services|
|Configuring Security Services|
|Overview of Certificates|
|Obtaining and Installing Certificates|