The security provided by the SSL/TLS protocols is based on digital certificates. Certificates are issued for various purposes (e.g. e-mail signatures, computer domain signatures, etc.). A certificate consists of a public part and a private part. The public part of the certificate can be owned by anyone. The private part must be secured and kept inaccessible to unauthorized personnel. Each certificate is issued (generated) by a certification authority that guarantees the validity of the certificate. The customer pays for the certificate to be issued by a recognized certification authority, which has the public part of the certificate available in the public storage used by web browsers (e.g. THAWTE, VeriSign, PostSignum). It is also possible to create a certificate that is signed by the issuer itself (a self-signed certificate) by using one's own certification authority (unknown to other clients). In that case, however, both the server and the client must manually add the public part of the certificate into the storage of the own certification authority, so that the certification authority becomes valid for both the server and the client.
In order to use HTTPS in the PROMOTIC web server, it is necessary to:
Caution: The WEB server itself runs as a service of the OS. It is therefore necessary to ensure that the certificates are not imported in the default way under the currently logged-in Windows user, but are imported into "Certificates - local" (not into the default location "Certificates - current user"). The PmHttpConfig.exe utility (configuration of the HTTP service for PROMOTIC WEB servers, HTTP or HTTPS) can import the certificate into the correct location and is therefore also recommended for certificate import. Another way to import the certificate is to use the administrator console MMC.EXE (Microsoft Management Console) with the "Certificates - local" plugin.
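The store check from the caution above, as an added PowerShell example (not part of the PROMOTIC documentation or tooling): it reports where a server certificate was imported, whether its private part is present, and whether its issuer is in the machine's trusted root store. Assumptions: the `Cert:\LocalMachine` and `Cert:\CurrentUser` drives correspond to "Certificates - local" and "Certificates - current user", the certificate sits in the Personal ("My") store, and `scada.example.local` is a constructed placeholder name.

```powershell
# Added example, not vendor code. $DnsName is a constructed placeholder;
# replace it with the name the certificate was issued for.
$DnsName = 'scada.example.local'

# Assumption: server certificates are in the Personal ("My") store and
# trusted CA certificates are in the "Root" store.
$stores = [ordered]@{
    'Local computer' = 'Cert:\LocalMachine\My'
    'Current user'   = 'Cert:\CurrentUser\My'
}
$machineRoots = Get-ChildItem -Path 'Cert:\LocalMachine\Root'

$found = foreach ($label in $stores.Keys) {
    Get-ChildItem -Path $stores[$label] |
        Where-Object { $_.Subject -like "*CN=$DnsName*" -or
                       $_.DnsNameList.Unicode -contains $DnsName } |
        ForEach-Object {
            $cert = $_
            [pscustomobject]@{
                Location          = $label
                Thumbprint        = $cert.Thumbprint
                HasPrivateKey     = $cert.HasPrivateKey
                Expired           = $cert.NotAfter -lt (Get-Date)
                SelfSigned        = $cert.Subject -eq $cert.Issuer
                # Simplified trust check: only the direct issuer is looked up,
                # intermediate authorities are not followed.
                IssuerInRootStore = [bool]($machineRoots |
                    Where-Object { $_.Subject -eq $cert.Issuer })
            }
        }
}
$found | Format-Table -AutoSize

# A web server running as an OS service needs an unexpired certificate
# with its private part in the local-computer store.
$usable = $found | Where-Object {
    $_.Location -eq 'Local computer' -and $_.HasPrivateKey -and -not $_.Expired
}
if (-not $usable) {
    Write-Warning "No usable certificate for $DnsName in the local-computer store."
    if ($found | Where-Object Location -eq 'Current user') {
        Write-Warning 'A copy exists in the current-user store; re-import it into the local-computer store.'
    }
}
```

Run it from an elevated PowerShell session on the server. For a self-signed setup, `IssuerInRootStore` being `False` means the own certification authority has not yet been added on that machine.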
The HTTP service allows the PROMOTIC system to use both HTTP and HTTPS protocols and is configured: