HTTPS (Hypertext Transfer Protocol Secure) uses the HTTP protocol, and the transmitted data is encrypted by SSL/TLS. The standard port for HTTPS on the server is 443.
- to verify the identity of the communication partner
- to secure the connection between the Web browser and Web server by encryption, against eavesdropping and data forgery
The basic component of security provided by the SSL/TLS protocols is based on digital certificates. Certificates are generally issued for different purposes (e.g. e-mail signatures, computer domain signatures, etc.).
The certificate consists of a public and a private part. The public part of the certificate can be owned by anyone. The private part must be secured and kept inaccessible to unauthorized personnel.
It is also possible to create a certificate that is signed by the issuer itself (self-signed certificate) by using one's own certification authority (unknown to other clients). In that case, however, both the server and the client must manually add the public part of the certificate into the storage of that certification authority, so that the certification authority becomes valid for both the server and the client.
In order to use HTTPS in the PROMOTIC Web server it is necessary to:
Import the certificate (both private and public part) that signs the computer domain (CN) into the PROMOTIC Web server. The computers with the Web server and Web client must both recognize the certification authority that issued the certificate (that is, the public part of the certificate must be in the local storage).
The Web server itself runs as a Windows service, therefore the certificates must not be imported the default way under the currently logged-in Windows user, but must be imported into "Certificates - local" (not into the default location "Certificates - current user").
can import the certificate into the correct location and therefore this utility is recommended also for certificate import.
- Another way to import the certificate is to use the administrator console MMC.EXE (Microsoft Management Console) with the "Certificates - local" plugin.
Configuration of the HTTP service of the Windows OS to be used by the Web server of the PROMOTIC system can be done with the utility PmHttpConfig.exe.
The HTTP service allows the PROMOTIC application to use both the HTTP protocol and the HTTPS protocol and is configured as follows:
a) Permission of the current Windows user to run the Web server based on the HTTP service (for both HTTP and HTTPS protocols). Members of the Administrators group always have permission to run the HTTP service, so they do not need to be authorized. Other users must be authorized explicitly.
b) Connecting the certificate that signs the computer domain with the corresponding Web server port (only for the HTTPS protocol).
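A read-only check of the certificate placement and port binding described above, as an added PowerShell example (not part of the PROMOTIC documentation or tooling). The host name scada.example.local is a constructed placeholder, and the script assumes the binding is visible through the standard Windows command netsh http show sslcert.

```powershell
# Added example: read-only audit of certificate placement and HTTP service binding.
# $HostName is a constructed placeholder; set it to the CN the certificate signs.
param(
    [string]$HostName = 'scada.example.local',
    [int]$Port = 443
)

# 1. The certificate must sit in the Local Computer store together with its
#    private key; a Windows service cannot see the logged-in user's store.
$certs = @(Get-ChildItem Cert:\LocalMachine\My -DnsName $HostName -SSLServerAuthentication |
    Where-Object { $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) })

if ($certs.Count -eq 0) {
    Write-Warning "No unexpired certificate with a private key for '$HostName' in Cert:\LocalMachine\My"
    $misplaced = @(Get-ChildItem Cert:\CurrentUser\My -DnsName $HostName)
    if ($misplaced.Count -gt 0) {
        Write-Warning "Found only under the current user: $($misplaced.Thumbprint -join ', ')"
    }
    return
}

# 2. List the HTTP service bindings once and split them into one block per endpoint.
#    Matching on the thumbprint keeps the check independent of the display language.
$bindings = ((netsh http show sslcert) -join "`n") -split "`n\s*`n"

foreach ($cert in $certs) {
    # 3. The chain must end at a certification authority this computer recognizes
    #    and the name must match; a self-signed certificate fails until its
    #    public part is added to the trusted store.
    $trusted = Test-Certificate -Cert $cert -Policy SSL -DNSName $HostName `
        -ErrorAction SilentlyContinue -WarningAction SilentlyContinue

    $bound = @($bindings | Where-Object {
        $_ -match ":$Port\s" -and $_ -match $cert.Thumbprint
    }).Count -gt 0

    [pscustomobject]@{
        Thumbprint     = $cert.Thumbprint
        Subject        = $cert.Subject
        NotAfter       = $cert.NotAfter
        TrustedForName = [bool]$trusted
        BoundToPort    = $bound
    }
}
```

A row with TrustedForName or BoundToPort set to False points at the requirement that is not yet met: the issuing certification authority is not recognized locally, or the certificate is not connected to the port.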
In the PROMOTIC application, set the "Web server type" configurator to the value https service and also set the corresponding port (standard value is 443