Skip to content
DataMiner DoJo

More results...

Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
Search in posts
Search in pages
Search in posts
Search in pages
Log in
Menu
  • Blog
  • Questions
  • Learning
    • E-learning Courses
    • Open Classroom Training
    • Certification
      • DataMiner Fundamentals
      • DataMiner Configurator
      • DataMiner Automation
      • Scripts & Connectors Developer: HTTP Basics
      • Scripts & Connectors Developer: SNMP Basics
      • Visual Overview – Level 1
      • Verify a certificate
    • Tutorials
    • Video Library
    • Books We Like
    • >> Go to DataMiner Docs
  • Expert Center
    • Solutions & Use Cases
      • Solutions
      • Use Case Library
    • Markets & Industries
      • Media production
      • Government & defense
      • Content distribution
      • Service providers
      • Partners
      • OSS/BSS
    • DataMiner Insights
      • Security
      • Integration Studio
      • System Architecture
      • DataMiner Releases & Updates
      • DataMiner Apps
    • Agile
      • Agile Webspace
      • Everything Agile
        • The Agile Manifesto
        • Best Practices
        • Retro Recipes
      • Methodologies
        • The Scrum Framework
        • Kanban
        • Extreme Programming
      • Roles
        • The Product Owner
        • The Agile Coach
        • The Quality & UX Coach (QX)
    • DataMiner DevOps Professional Program
  • Downloads
  • More
    • Feature Suggestions
    • Climb the leaderboard!
    • Swag Shop
    • Contact
      • General Inquiries
      • DataMiner DevOps Support
      • Commercial Requests
    • Global Feedback Survey
  • PARTNERS
    • All Partners
    • Technology Partners
    • Strategic Partner Program
    • Deal Registration
  • >> Go to dataminer.services

Security – DMS configured on IP still works after enabling HTTPS

Solved1.84K views16th March 2023DMS HTTP HTTPS MaintenanceSettings.xml security
1
Alexander Verriest [SLC] [DevOps Advocate]424 2nd June 2022 0 Comments

My DMS is configured with IP addresses for every agent in the cluster.

Since I now enabled HTTPS in maintenancesettings I would expect I need to configure the DMS to use hostnames, but the connection remains working as normal with IP addresses only.
Why is that? Is my DMS actually using HTTPS or do I need to enabled something else too?

EDIT: My bindings in IIS already had no mention of http anymore.

Miloš Sedláček [DevOps Advocate] Answered question 16th March 2023

4 Answers

  • Active
  • Voted
  • Newest
  • Oldest
6
Gellynck Jens [SLC]2.71K Posted 2nd June 2022 0 Comments

Hi Alexander,

DataMiner still functions because Inter-DataMiner connections communicate over .NET Remoting (TCP port 8004), while downloading Cube or opening the web applications actually uses HTTP(S). There's a nice graphical representation in the docs. (Note the difference between the default Client connections, aka Cube, and the Client web applications).

In short, when you browse to https://<your FQDN>/DataMinerCube (or when using the Cube Desktop Application) you will only download Cube over the HTTPS connection. Actually logging in and communicating with DataMiner, will go over .NET Remoting, which does not support TLS encryption, meaning you can still use the IP address. (Because there is no certificate) Of course, you can also use the hostnames everywhere (even without HTTPS enabled). Note that while using the web applications (Dashboards, Monitoring,...) all communication with the DMA is over the HTTP protocol so there the traffic will be encrypted if HTTPS is enabled.

Leaving this aside, you can also enable HTTPS and include the IP Address of your server in the Subject Alternative Names of the TLS certificate. This will also allow you to use the IP Address while using HTTPS. (Side note: this is in fact required when you're running DataMiner Failover with a Virtual IP over HTTPS only). For more information, please see setting up HTTPS.

Alexander Verriest [SLC] [DevOps Advocate] Selected answer as best 2nd June 2022
1
Miloš Sedláček [DevOps Advocate]672 Posted 16th March 2023 0 Comments

Hi all,

I have a situation in our DMS (failover pair) that touches this topic closely, therefore I'm not creating a new question.

Our DMS is IP address based, so no hostnames are in place. We use IP addresses only at this moment.

I have configured the https as per user guide with the self signed certificate that lists the VIP IP address (and other IP addresses of that server) in SAN. The CN configured is the primary IP address of the server. First I kept the http binding in place too. With that configured I can properly connect from a WEB client over https. Cube app works well.

Secondly I removed the http binding. The WEB still works OK, but now I can't connect with cube app.

I noticed that the previously opened cube app (one opened and logged in before http binding removal) are working fine and normally interact with the DMS.

So it seems the cube app uses http in the initial stage (probably downloading actual version). How to change this cube initial communication to https so cube app will work well?

Miloš Sedláček [DevOps Advocate] Answered question 16th March 2023
1
Miguel Obregon [SLC] [DevOps Catalyst]18.56K Posted 2nd June 2022 1 Comment

Hi Alexander,

When you mention 'the connection remains working as normal with IP addresses only.' are you referring that you can still connect via HTTP?

  • Enable only HTTPs (recommended): In this case you need edit the site binding and enable only HTTPs

You should have something similar to the screenshot below:

  • HTTP redirection: Additional information can be found in DataMiner Docs
Alexander Verriest [SLC] [DevOps Advocate] Posted new comment 2nd June 2022
Alexander Verriest [SLC] [DevOps Advocate] commented 2nd June 2022

Yes, I should have mentioned: I did edit the bindings to have https only in IIS.

1
Baptiste Pattyn [SLC] [DevOps Advocate]5.70K Posted 2nd June 2022 3 Comments

Hi Alexander,

Enabling HTTPS also requires changes in IIS. You can find more info on this docs page.

If you want to enforce HTTPS you should also remove the binding for HTTP in IIS manager. That way you will not be able to access it by using the IP address but only by the host name that is present on the certificate you have assigned to the HTTPS binding.

Baptiste Pattyn [SLC] [DevOps Advocate] Posted new comment 2nd June 2022
Gellynck Jens [SLC] commented 2nd June 2022

When enforcing HTTPS it’s also useful to block/disable inbound tcp port 80 (or the HTTP port configured in IIS) in the firewall.

Alexander Verriest [SLC] [DevOps Advocate] commented 2nd June 2022

Yes, I forgot to mention it, but I did update my bindings in IIS to have https only.

Baptiste Pattyn [SLC] [DevOps Advocate] commented 2nd June 2022

Normally the browser should then give a warning that the connection is not secure. If not try to hard reload the page because it is probably cached.

Please login to be able to comment or post an answer.

My DevOps rank

DevOps Members get more insights on their profile page.

My user earnings

0 Dojo credits

Spend your credits in our swag shop.

0 Reputation points

Boost your reputation, climb the leaderboard.

Promo banner DataMiner DevOps Professiona Program
DataMiner Integration Studio (DIS)
Empower Katas

Recent questions

Alarm Dashboard PDF/CSV Export 0 Answers | 0 Votes
Is the Microsoft SharePoint Connector Still Usable 0 Answers | 0 Votes
Is the Microsoft SharePoint Connector Still Usable 0 Answers | 0 Votes

Question Tags

adl2099 (115) alarm (62) Alarm Console (82) alarms (100) alarm template (83) Automation (223) automation scipt (111) Automation script (167) backup (71) Cassandra (180) Connector (108) Correlation (68) Cube (150) Dashboard (194) Dashboards (188) database (83) DataMiner Cube (57) DIS (81) DMS (71) DOM (139) driver (65) DVE (55) Elastic (83) Elasticsearch (115) elements (80) Failover (104) GQI (159) HTTP (76) IDP (74) LCA (151) low code app (166) low code apps (93) lowcodeapps (75) MySQL (53) protocol (203) QAction (83) security (88) services (51) SNMP (86) SRM (337) table (54) trending (87) upgrade (62) Visio (539) Visual Overview (345)
Privacy Policy • Terms & Conditions • Contact

© 2025 Skyline Communications. All rights reserved.

DOJO Q&A widget

Can't find what you need?

? Explore the Q&A DataMiner Docs

[ Placeholder content for popup link ] WordPress Download Manager - Best Download Management Plugin