I'm currently trying to setup our 9 Dataminer servers to use HTTPS to conform with our company security policies so i thought I would start simple and get HTTPS browser access working from one of our production servers to our staging and test server however i've run into a few problems as my in depth IT skills are not the greatest.
- I know that the servers will require a security certificate installed on them to be allocated to the port 443 binding is this the same certificate to be deployed across all the servers?
- I've created a self signed certificate in Windows Server 2019 and copied this to both servers and selected it on the 443 binding but when i try to access via HTTPS in the browser it says the site is not secure then goes on and brings up a certificate error. This happens when i try to access Dataminer via a browser on the local host and also from the other servers.
I've tried following the information on the help topic Setting up HTTPS on a DMA | DataMiner Docs but this doesn't seem to be curing the problem either. I think my stumbling block is all to do with the security certificates. Help!
Oh right. So i’ll need to get one of these created by an external provider. Thought it wasn’t going to be simple lol. Thanks for the info
Hi David,
I would indeed configure all servers to use port 443 for HTTPS traffic. In theory, you could use a different port but if there's no good reason to do this I would use 443.
Browsers will indeed show a warning because your self-signed certificate is not signed by a trusted third-party certificate authority. Now you basically have 2 options:
- You could acquire a certificate from a trusted certificate authority (for example let's encrypt). Most major browsers will automatically trust this. Note this may cost some money. Your IT department should be able to help you with this.
- You can keep using the self-signed certificate but explicitly trust this certificate. To do this in Windows, you can follow this guide from Microsoft. Note you'll have to trust the certificate on every client that connects to your DataMiner.
Hi Jens. Thanks very much for that. I will try option 2 as a test to make sure i’ve got my head round how to set this up but guess my company will be getting the cheque book out for option 1 as well
Further to my question i can see there are a few different security certificates and i’m trying to confirm which one i would require
My understanding is as follows:
• Private Trust Client Authentication Certificate – Only required if not web based
• Public Trust Webserver certificate – for webservers if they are internet/client facing
• Private Trust Webserver Certificate – For internal only webservers (Vodafone internal)
So if i’m connecting from an access server using the Dataminer Cube Client Software to our Dataminer servers then the one i’d be needed to get would be the Private Trust Client Authentication Certificate?
Hi David, I think you will need a “Private Trust WebServer Certificate”, which is also known as a self-signed certificate. A “Private Trust Client Authentication Certificate” would be used to authenticate yourself (as a client) to the webserver of DataMiner. Instead, you want the webserver to authenticate itself to the client, which is likely the “Private Trust WebServer Certificate” you refer to.
Hi David,
1. You can certainly deploy the same certificate across all servers.
2. You are probably having this error because you are using a self-signed certificate that is not trusted by your computer. You will need a certificate generated by a trusted CA (Certificate Authority) to get your browser to show it as a safe website.