5.2.1 Server access protocol

By default, Management and Security Server allows browsers to use the HTTP protocol to communicate between the client computer and the Management and Security Server. Although HTTP is universally available, information exchanged using HTTP is sent in clear text and is vulnerable to unauthorized access.

To secure your passwords and other sensitive data, we recommend that you require browsers to connect to Management and Security Server using the HTTPS protocol, which provides TLS encryption. To require HTTPS:

  • Check Require HTTPS for connections to the Management and Security Server.

  • Make sure TLS is enabled on your web server.

    If you installed Management and Security Server with the automated installer, TLS is enabled with a self-signed server certificate.

    NOTE:When users first request a session, they may see a warning that the certificate is not trusted by their browser. Generally, users can choose to permanently accept the certificate.

    If your web server uses a certificate signed by a popular Certificate Authority, most browsers are able to establish a TLS connection without going through the security warning.

Use the HTTPS Certificate Utility to manage the Administrative Server certificate. The HTTPS Certificate Utility installs with Management and Security Server, and is available from the Start menu.

Related Topics