Web interface of the STARFACE | Menu "Configuration" | Menu "Server" | Tab "Web Server" |
---|---|---|---|
The HTTPS service is also activated by default for the STARFACE web server in addition to the HTTP service. Both services are available on the default port numbers (80 and 443), and they can also be changed in the respective fields. The Force redirect to HTTPS option makes access to the STARFACE web interface only possible over HTTPS.
A certificate is required for the web server to use HTTPS. A provisional certificate is already stored in STARFACE. An entry mask opens when the button "New Certificate" is pressed. The following information is mandatory in this mask:
Field name | Description |
---|---|
Server name | This information refers to the domain for which the certificate is to be valid. |
SAN | This information describes the alternative name, which is specified in the certificate and extends the validity by further domain names. This name does not have to be related to the basic domain (common name). |
Days of validity | This information refers to how long the certificate is to be valid for in days. |
The domain name must be complete and correct, e.g. companyname.net (without https://). Generally, a certificate has no validity for any subdomains, whereby so-called wildcard certificates are an exception. In order to do justice to the meaning of a real server certificate, the certificate must be signed by an external certification authority (Certificate Authority or CA). A selection of recognized certification authorities can be found in the settings of the web browser used. However, external certification is not mandatory if, for example, STARFACE is only accessible internally. The requirements and conditions of the respective certification bodies for this process must also be taken into account.
An encrypted file of the certificate is generated using the button "Certificate Request". The content of the window must be copied and sent to the selected certificate authority by e-mail. The certificate authority checks the application and sends the signed certificate back, generally by e-mail.
The signed certificate is imported using the button "Import Certificate Response"; a new window with two text boxes opens during this process. The certificate authority’s signed certificate is copied to the top text box. Since the structure of the feedback from the various certification authorities can be very different, it is recommended that all received certificates (except the root certificate of the certification authority) be copied together in the following form:
-----BEGIN CERTIFICATE-----
CA Certificate
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Intermediate Certificate 1
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Intermediate Certificate 2
-----END CERTIFICATE-----
It should be noted that there is not always an intermediate certificate or there may be more than 2 intermediate certificates.
The certificate authority’s root certificate is copied to the bottom text field.