STARFACE WIKI (English)

Seitenhierarchie

Suche
Web interface of the STARFACEMenu "Configuration"Menu "Server"Tab "Web Server"

The HTTPS service is also activated by default for the STARFACE web server in addition to the HTTP service. Both services are available on the default port numbers (80 and 443), and they can also be changed in the respective fields. The Force redirect to HTTPS option makes access to the STARFACE web interface only possible over HTTPS.

Note: If the HTTP service is deactivated or if the default port 80 is modified, problems with independent connections can occur with the address book on SIP telephones, for example.

A certificate is required for the web server to use HTTPS. A provisional certificate is already stored in STARFACE. An entry mask opens when the button "New Certificate" is pressed. The following information is mandatory in this mask:

Field nameDescription
Server nameThis information refers to the domain for which the certificate is to be valid.
SANThis information describes the alternative name, which is specified in the certificate and extends the validity by further domain names. This name does not have to be related to the basic domain (common name).
Days of validityThis information refers to how long the certificate is to be valid for in days.

The domain name must be complete and correct, e.g. companyname.net (without https://). Generally, a certificate has no validity for any subdomains, whereby so-called wildcard certificates are an exception. In order to do justice to the meaning of a real server certificate, the certificate must be signed by an external certification authority (Certificate Authority or CA). A selection of recognized certification authorities can be found in the settings of the web browser used. However, external certification is not mandatory if, for example, STARFACE is only accessible internally. The requirements and conditions of the respective certification bodies for this process must also be taken into account.

Note: Please note that Private Keys cannot be imported via the web interface.

An encrypted file of the certificate is generated using the button "Certificate Request". The content of the window must be copied and sent to the selected certificate authority by e-mail. The certificate authority checks the application and sends the signed certificate back, generally by e-mail.

The signed certificate is imported using the button "Import Certificate Response"; a new window with two text boxes opens during this process. The certificate authority’s signed certificate is copied to the top text box. Since the structure of the feedback from the various certification authorities can be very different, it is recommended that all received certificates (except the root certificate of the certification authority) be copied together in the following form:

-----BEGIN CERTIFICATE-----
           CA Certificate
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
         Intermediate Certificate 1
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
          Intermediate Certificate 2
-----END CERTIFICATE-----

It should be noted that there is not always an intermediate certificate or there may be more than 2 intermediate certificates.
Note: It must be noted that no empty blank lines and spaces are inserted during the copying process.

The certificate authority’s root certificate is copied to the bottom text field.

  • Keine Stichwörter