SSL Settings

Description

Options for configuring SSL support on the Application Server.

Discussion

The Application Server optionally supports SSL for secure, encrypted transmissions. This support is particularly valuable in e-commerce applications.

The Application Server responds on the port specified on the General tab of the Control Panel. If you use port 81 and enable SSL, your URL would be https://:81. If you run SSL on port 443 instead, you can simplify your URL to https://.

SSL settings tab
If SSL is enabled, the Application Server will not respond to any http:// URL, regardless of the port number you are using.

 Enable SSL Settings

Setting
Description
Enable SSL

Enables or disables SSL on the server.

Server Port

The default SSL port is 443. Any other port will require that you use a URL including the port number (e.g. https://mysite.org:444).

 Minimum Protocol Version

The minimum TLS protocol version supported by the Standard Application Server can be specified using the Minimum Protocol Version setting. This setting allows TLS 1.0 and TLS 1.1 to be completely turned off, if desired.

TLS 1.2 is the most recent protocol and generally considered to be the most secure. Setting the minimum TLS version to 1.2 will disable TLS 1.0 and TLS 1.1 and provide what is currently considered the highest level of security. Note, however, that not all older web browsers or operating systems support TLS 1.2. Site administrators should evaluate the needs of their users before modifying this setting.

The following TLS protocols are available:

Minimum Protocol
Description
TLS 1.0

Default setting. Prevents unexpected client connectivity issues.

TLS 1.1

Disables TLS 1.0.

TLS 1.2

Disables TLS 1.0 and TLS 1.1. TLS 1.2 may not be supported on older browsers.

 General Settings

SSL Certificate File

The file containing the SSL certificate.

Private Key File

The private key file that matches the specified SSL certificate.

Private Key Password

The password for the private key file, if required.

Certificate Chain File

The certificate's chain file, if required or provided by the Certificate Authority. This is sometimes also referred to as the "intermediate certificate" or "intermediate bundle".

SSL Cipher List

A list of SSL ciphers to use.

Generate a Self-Signed Certificate

Creates a self-signed certificate for the server. A self-signed certificate is useful for testing intranet applications.

Generate a CSR (Certificate Signing Request)

Used when purchasing a certificate from a Certificate Authority (CA).

HTTP Strict Transport Security

Configure how HTTP Strict Transport Security is used on the server.

Enabled

Enable or disable HTTP Strict Transport Security.

Maximum Age

The maximum age, in seconds.
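To confirm what the server actually sends once HSTS is enabled, the following added example (not part of the product or its documentation) parses a Strict-Transport-Security header value according to RFC 6797 and flags a missing, invalid, zero or short max-age. It assumes the Maximum Age setting is emitted as the header's max-age directive; the function names and the 180-day threshold are illustrative choices.

```python
import re

# Added example: directive grammar from RFC 6797 section 6.1 (name, optional value).
_DIRECTIVE = re.compile(r'^([A-Za-z0-9-]+)(?:\s*=\s*("[^"]*"|[^\s;"]+))?$')


def parse_hsts(value):
    """Return {'max_age': int, 'include_subdomains': bool}, or raise ValueError."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:            # the grammar tolerates empty directives ("a; ; b")
            continue
        m = _DIRECTIVE.match(part)
        if not m:
            raise ValueError(f"malformed directive: {part!r}")
        name, raw = m.group(1).lower(), m.group(2)   # names are case-insensitive
        if name in seen:        # a repeated directive invalidates the whole header
            raise ValueError(f"duplicate directive: {name}")
        seen[name] = raw.strip('"') if raw is not None else None
    age = seen.get("max-age")
    if age is None or not re.fullmatch(r"[0-9]+", age):
        raise ValueError("max-age is required and must be a non-negative integer")
    return {"max_age": int(age), "include_subdomains": "includesubdomains" in seen}


def audit_hsts(value, min_age=15552000):
    """Return a list of findings; min_age (180 days) is an assumed policy threshold."""
    if value is None:
        return ["header missing: HSTS is not enabled"]
    try:
        policy = parse_hsts(value)
    except ValueError as exc:
        return [f"header invalid, browsers will ignore it: {exc}"]
    if policy["max_age"] == 0:
        return ["max-age=0 tells browsers to delete the stored policy"]
    if policy["max_age"] < min_age:
        return [f"max-age {policy['max_age']}s is below the {min_age}s threshold"]
    return []
```

Pass `audit_hsts` the header value taken from an https:// response; browsers ignore the header when it arrives over plain http://.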

 About SSL Certificates

A certificate enables a web server to tell its web clients its name and its public key, to be used for encrypted (SSL) communications. There are two types of certificates.

  • Self-signed - good for testing and internal private applications, but not suitable for external public applications
  • Issued by trusted companies, such as Thawte and Verisign - good for public applications

To get a certificate from a trusted company:

  1. Generate a Certificate Signing Request (CSR) for the server where the certificate will be installed. Be sure to keep the private key created as part of the CSR generation. It will be needed when you receive your certificate.

  2. Send this information to one of the trusted companies. Typically, you will paste it into a web form, but the methods vary.

  3. When you receive your certificate:

    1. Select the Enable SSL checkbox.

    2. Click the Browse button to navigate to and select the SSL Certificate File.

    3. Click to navigate to and select the Private Key File.

    4. Enter your password into the Private Key Password control. This is the password chosen during CSR generation.