HTTPS - secured HTTP protocol

HTTPS (Hypertext Transfer Protocol Secure) uses the HTTP protocol and the transmitted data is encrypted by SSL/TLS.
The standard port for HTTPS on the server is 443.
HTTPS allows:
- to verify the communication partner identity
- secure the connection between the Web browser and Web server by encryption. against tapping and data counterfeit

The basic component of security provided by SSL/TLS protocols is based on digital certificates. The certificates are issued in general for different purposes (e.g. e-mail signatures, computer domain signatures, etc.).
The certificate consists of the public and private part. The public part of the certificate can be owned by anyone. The private part must be secured and restricted to unauthorized personell.
There is also a possibility to create the certificate, that is signed by the issuer itself (self-signed certificate) by using own certification authority (unknown to other clients), however in such case both server and client must manually add the public part of the certificate into the storage of the own certification authority, so the certification authority becomes valid to both server and the client.

In order to use the HTTPS in the PROMOTIC Web server it is necessary to:
1) Import the certificate (both private and public part) into the PROMOTIC Web server, signing the computer domain (CN). The computers with the Web server and Web client must both recognize the certification authority that issued such certificate (it means that in the local storage there must be the public part of the certificate).
Caution: The Web server itself runs as Windows service, therefore it is necessary to ensure that the certificates are not imported the default way under the currently logged Windows user, but are imported into the "Certificates - local" (not into the default location "Certificates - current user").
- PmHttpConfig.exe can import the certificate into the correct location and therefore this utility is recommended also for certificate import.
- Another way of certificate import is to use the administrator console MMC.EXE (Microsoft Management Console) with the "Certificates - local" plugin.
2) Configuration of HTTP service of the Windows OS to be used by Web server of the PROMOTIC system can be done by the utility PmHttpConfig.exe.
The HTTP service allows in the PROMOTIC application to use both HTTP protocol and HTTPS protocol and is configured as follows:
a) Permissions of current Windows user to run the Web server based on the HTTP service (for both HTTP and HTTPS protocols). Administrators group members always have the permission to run the HTTP service, therefore it is not necessary to authorize it. Other users must be authorized namely.
b) Connecting the certificate, that signs the computer domain, with corresponding Web server port (only for the HTTPS protocol).
3) In the PROMOTIC application the "Web server type" configurator set to the https service value and also set the corresponding port (standard value is 443).
PROMOTIC 9.0.27 SCADA system documentation MICROSYS, spol. s r.o.

Send page remarkContact responsible person
© MICROSYS, spol. s r.o.