HTTPS - secured HTTP protocol

HTTPS (Hypertext Transfer Protocol Secure) uses the HTTP protocol and the transmitted data is encrypted by SSL/TLS. HTTPS allows to verify the communication partner identity and also secure the connection between the Web browser and Web server by encryption. The tandard port for HTTPS on the server side is 443.

The basic component of security provided by SSL/TLS protocols is based on digital certificates. The certificates are issued in general for different purposes (e.g. e-mail signatures, computer domain signatures, etc.). The certificate consists of the public and private part. The public part of the certificate can be owned by anyone. The private part must be secured and restricted to unauthorized personell. Each certificate is issued (generated) by certification authority that guarantees the certificate validity. The customer pays for issuing the certificate by recognized certification authority, that has the public part of the certificate available in public storage used by Web browsers (e.g. THAWTE, VeriSign, PostSignum). There is also a possibility to create the certificate, that is signed by the issuer itself (self-signed certificate) by using own certification authority (unknown to other clients), however in such case both server and client must manually add the public part of the certificate into the storage of the own certification authority, so the certification authority becomes valid to both server and the client.


In order to use the HTTPS in the PROMOTIC Web server it is necessary to:

1) Import the certificate (both private and public part) into the PROMOTIC Web server, signing the computer domain (CN). The computers with the Web server and Web client must both recognize the certification authority that issued such certificate (i.e. that in the local storage there must be the public part of the certificate).

Caution: The Web server itself runs as a service of the OS, therefore it is necessary to ensure that the certificates are not imported the default way under the currently logged Windows user, but are imported into the "Certificates - local" (not into the default location "Certificates - current user"). PmHttpConfig.exe - configuration of HTTP service for PROMOTIC Web servers (HTTP and HTTPS) can import the certificate into the correct location, and therefore this utility is recommended also for certificate import. Another way of certificate import is to use the administrator console MMC.EXE (Microsoft Management Console) with the "Certificates - local" plugin.

2) Configuration of HTTP service of the OS Windows to be used by Web server of the PROMOTIC system can be done by the PmHttpConfig.exe - configuration of HTTP service for PROMOTIC Web servers (HTTP and HTTPS) tool.

The HTTP service allows the PROMOTIC system to use both HTTP and HTTPS protocols and is configured as follows:

a) The permission of current Windows user to run the Web server based on the HTTP service (for both HTTP and HTTPS protocols). Administrators group members always have the permission to run the HTTP service, therefore it is not necessary to authorize it. Other users must be authorized namely.
b) Connecting the certificate, that signs the computer domain, with corresponding Web server port (only for the HTTPS protocol).
3) In the PROMOTIC application set the configurator Web server type to value https service and also set the corresponding port (standard value is 443).
PROMOTIC 8.3.24 SCADA system documentation - MICROSYS, spol. s r.o.

Send page remarkContact responsible person
© MICROSYS, spol. s r. o.Tavičská 845/21 703 00 Ostrava-Vítkovice