Configuring Secure Connections

For security, the ztC Edge system allows only HTTPS connections, by default. If you want to allow HTTP connections, you can configure secure connections.

Note:

When you activate or deactivate the check box next to Enable HTTPS Only / Disable HTTP in the procedure below and click Save, the system automatically logs you out of the ztC Edge Console and you must log in again,

When HTTPS connections are enabled, you can use a script to install a custom certificate into the CA bundle on the host machine. See To install a custom certificate into the CA bundle. (Alternatively, if you need to install a custom certificate into the Java keystore to enable secure connections for Active Directory or SMTP, see To install a custom certificate into the Java keystore.)

To enable HTTP and HTTPS connections

  1. Click Preferences in the left-hand navigation panel, to open the Preferences page.
  2. Under Administrative Tools, click Secure Connection.
  3. Deactivate the check box next to Enable HTTPS Only / Disable HTTP

  4. Click Save.

    The system automatically logs you out of the ztC Edge Console and redirects the browser to the HTTPS login page. To access the HTTP login page, you manually replace https with http in the browser's address bar, and then you can log in.

If the system allows HTTP and HTTPS connections and you want to allow only HTTPS connections, you need to activate the check box.

To enable only HTTPS connections

  1. Click Preferences in the left-hand navigation panel, to open the Preferences page.
  2. Under Administrative Tools, click Secure Connection.
  3. Activate the check box next to Enable HTTPS Only / Disable HTTP

  4. Click Save.

    The system automatically logs you out of the ztC Edge Console, redirects the browser to the HTTPS login page, and you must log in again.

If you need to install a custom certificate into the CA bundle of the ztC Edge system to enable HTTPS connections for the ztC Edge Console or the REST API, use the following information:

To install a custom certificate into the CA bundle of the ztC Edge system, use the certificate_installer script. Using this script, you can install a custom SSL certificate, recover a previously used or build-in certificate, and display information about a certificate currently in use or previously used, as follows:

  • Install a custom certificate on the host machine (non HTTPS-only mode):

    1. Copy a certificate to the /tmp folder of the host machine.

    2. Issue the following command:

      certificate_installer install -c /tmp/server.crt -k /tmp/server.key

  • Install a custom certificate on the host machine (HTTPS-only mode):

    1. Copy a certificate to the /tmp folder of the host machine.

    2. Issue the following command:

      certificate_installer install -c /tmp/server.crt -k /tmp/server.key ‑f

  • Recover the custom certificate to the previously used one:

    certificate_installer recover -p

  • Recover the custom certificate to the built-in one:

    certificate_installer recover -b

  • List information about the currently used certificate:

    certificate_installer list -c

  • List information about the previously used certificate:

    certificate_installer list -p

For more information about installing a custom certificate, access the Knowledge Base to search for the article Adding Certificates to ca-bundle.crt in ztC Edge (KB0014653). See Accessing Knowledge Base Articles.

Usage

certificate_installer [command command_options] [script_options]

Commands and Options for Installing Certificates Into the CA Bundle

Note: These commands and options are available only for managing certificates in the CA bundle.
install command_options

Installs the custom certificate. Command options are:

  • -c, --cert=certificate_path: The path where the certificate is saved.

  • -k, --key=private_key_path: The path where the key is saved.

  • -f, --[no-]force: Force replacing the SSL certificate in use.

recover command_options

Recovers the custom certificate. Command options are:

  • -b, --[no-]built-in (the default): Recover to the built-in certificate.

  • -p, --[no-]previous: Recover to the previously used certificate
list command_options

Lists the custom certificate(s). Command options are:

  • -a, --[no-]all (default): List all SSL certificates on host machine.

  • -c, --[no-]current: List the currently used certificate.

  • -p, --[no-]previous: List the previously used certificate.

  • -L, --location=location: Show information of a certificate at a specified location.

Script Options

-v, --[no_]verbose In verbose mode, the script displays all information.
-l, --log=log_file Prints logs to the file log_file instead of to STDOUT.


If you need to install a custom certificate into the Java keystore of the ztC Edge system to enable secure connections for Active Directory or SMTP, use the following information:

To install a custom certificate into the Java keystore of the ztC Edge system, use the certificate_installer script. For example, you can install a custom certificate as follows:

  1. Copy a certificate to the /tmp folder of the host machine.

  2. Issue the following command:

    certificate_installer install --java --alias ldapcert --cert /tmp/client.crt

For more information about creating and installing a custom certificate for Active Directory, search for the article How to re-enable connection to Active Directory Server after migrating from ztC SRL v2.x to v3.x (KB0015909).

Usage

certificate_installer[command command_options][script_options]

Commands and Options for Installing Certificates Into the Java Keystore

Note: These are the only certificate_installer options available for managing the Java keystore.
install command_options

Installs the custom certificate. Command options are:

  • -j, --java: Install a certificate into the Java keystore.

  • -a, --alias=alias: Specify the alias you want to assign to the certificate (recommended)

Related Topics

ztC Edge Console

Preferences Page

Using the ztC Edge Console

Security Hardening