Skip to content
DataMiner DoJo

More results...

Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
Search in posts
Search in pages
Search in posts
Search in pages
Log in
Menu
  • Updates & Insights
  • Questions
  • Learning
    • E-learning Courses
    • Empower Replay: Limited Edition
    • Tutorials
    • Open Classroom Training
    • Certification
      • DataMiner Fundamentals
      • DataMiner Configurator
      • DataMiner Automation
      • Scripts & Connectors Developer: HTTP Basics
      • Scripts & Connectors Developer: SNMP Basics
      • Visual Overview – Level 1
      • Verify a certificate
    • Video Library
    • Books We Like
    • >> Go to DataMiner Docs
  • Expert Center
    • Solutions & Use Cases
      • Solutions
      • Use Case Library
    • Markets & Industries
      • Media production
      • Government & defense
      • Content distribution
      • Service providers
      • Partners
      • OSS/BSS
    • Agile
      • Agile Webspace
      • Everything Agile
        • The Agile Manifesto
        • Best Practices
        • Retro Recipes
      • Methodologies
        • The Scrum Framework
        • Kanban
        • Extreme Programming
      • Roles
        • The Product Owner
        • The Agile Coach
        • The Quality & UX Coach (QX)
    • DataMiner DevOps Professional Program
      • About the DevOps Program
      • DataMiner DevOps Support
  • Downloads
  • More
    • DataMiner Releases & Updates
    • Feature Suggestions
    • Climb the leaderboard!
    • Swag Shop
    • Contact
    • Global Feedback Survey
  • PARTNERS
    • All Partners
    • Technology Partners
    • Strategic Partner Program
    • Deal Registration
  • >> Go to dataminer.services

HTTPS: is an active certificate necessary

Solved1.83K views21st August 2020FQDN HTTPS
4
Jeroen Geldhof [SLC] [DevOps Enabler]5.07K 21st August 2020 0 Comments

Is the way for us to change our system to HTTPS only with an active certificate, as well as only using FQDN?

Jeroen Geldhof [SLC] [DevOps Enabler] Selected answer as best 21st August 2020

2 Answers

  • Active
  • Voted
  • Newest
  • Oldest
6
Wim Bruynooghe [SLC] [DevOps Advocate]6.59K Posted 21st August 2020 0 Comments

A FQDN and a trusted active certificate are indeed required to use https. What certificate you can use depends if your system is publicly accessible on the internet or not:

  • If publicly accessible, for example https://dataminer.company.com/, you can get a certificate at a certificate authority which you can import and use in IIS. To make use of Let’s Encrypt, see this blog post.
  • If access is limited to a private network (intranet), for example https://dataminer.company.local/, you can generate your own certificate(s) which you can sign with a self-generated root certificate that has to be installed on every machine (servers and clients). In Skyline we created our own “*.skyline.local” certificate that is signed by our Skyline Root certificate. See this post on how to generate your own certificate using OpenSSL, basically it comes down to this:
    • Generate new private key:
      openssl genrsa -out device.key 2048
    • Create a new certificate:
      openssl req -new -key device.key -out device.csr -config yourcert.cnf
    • Sign the new certificate with the root certificate:
      openssl ca -config RootCA.cnf -out device.crt -extfile yourcert.extensions.cnf -in device.csr -days 500
    • Create Windows server pfx package:
      • copy /b RootCA.pem+device.crt bundle.crt
      • openssl pkcs12 -export -out yourcert.pfx -in bundle.crt -inkey device.key -name “My Self-Signed SSL Certificate”
    • Import the pfx package in IIS
  • Follow the instructions of the DataMiner help.
Jeroen Geldhof [SLC] [DevOps Enabler] Selected answer as best 21st August 2020
3
Jan-Klaas Kesteloot [SLC] [DevOps Advocate]1.13K Posted 21st August 2020 0 Comments

There is a good article in the DM User Guide for this. I also remember having to do the following:

  • the certificate needs to be valid for the FQDN (an exact match or valid for the domain the server is in)
  • the server needs be configured with its hostname and DNS suffix.
  • clients have to connect to the FQDN
    • you can optionally force clients to connect the server by only allowing bindings to the FQDN (and prevent accessing via  the server’s IP address)
    • There needs to be a DNS mapping between the FQDN and the IP address of the server. For testing purposes, you modify the ‘hosts’ file on a Windows client.
  • At the time (2yrs ago), I also had to allow an HTTP binding on the localhost. I don’t think there’s a security issue with that, because this only allows the server to connect to itself via HTTP. This was needed for some functionality like rendering Visual Overview in a (legacy) dashboard.
Jan-Klaas Kesteloot [SLC] [DevOps Advocate] Answered question 21st August 2020
Please login to be able to comment or post an answer.

My DevOps rank

DevOps Members get more insights on their profile page.

My user earnings

0 Dojo credits

Spend your credits in our swag shop.

0 Reputation points

Boost your reputation, climb the leaderboard.

Promo banner DataMiner DevOps Professiona Program
DataMiner Integration Studio (DIS)
Empower Katas
Privacy Policy • Terms & Conditions • Contact

© 2025 Skyline Communications. All rights reserved.

DOJO Q&A widget

Can't find what you need?

? Explore the Q&A DataMiner Docs