This section and associated topics primarily apply to the Original WebX client only. However, if you are using Mimics in WebX, you still need to configure the Certificates for Original WebX.
To help protect your system against unauthorized access, ClearSCADA uses certificates for Original WebX clients.
The certificates allow the ClearSCADA server to use encryption for client-server communications.
There are two types of certificate that ClearSCADA can use for Original WebX:
- Trusted certificates—These SSL certificates need to be purchased from Certifcation Authorities, such as VeriSign, GlobalSign, DigiCert, GoDaddy, and StartCom.
We strongly recommend that you use trusted certificates with your ClearSCADA system.
- Non-trusted certificates—Non-trusted certificates do not provide authentication, where the client cannot tell if the certificate is legitimate. NOTICE
SECURITY THREAT
Using a non-trusted certificate could compromise your system security. Installing a non-trusted certificate could compromise your system security. Potentially, it could lead to unauthorized access. For this reason, we strongly recommend that you use a trusted certificateFailure to follow these instructions can result in equipment damage.However, if you are willing to acknowledge a lower level of security, you can use the default non-trusted certificate provided with ClearSCADA in an internally managed network environment.
If a server generated non-trusted SSL certificate is used, the client will display warning messages when users access the system. The exact warning message depends on the browsers, but typically might be "There is a problem with this website’s security certificate". Some users may find these warning messages distracting, although they do not affect their ability to interact with your ClearSCADA system.
If a trusted SSL certificate is used, the client is able to verify that it is connecting to the expected server, and so there are no warning messages shown when a client accesses the secure web server ports.
We recommend that you purchase trusted SSL certificates for your web servers so that users do not receive distracting warning messages. We also recommend you review your security options and establish appropriate security for your web server.
Recommended security:
- Purchase and install a web server certificate
- Disable "Allow logon and database writes over non-secure HTTP"
- Use a proxy server or proxy firewall for communications with Original WebX clients.
Maximum security:
- Purchase and install a web server certificate
- Disable "Allow logon and database writes over non-secure HTTP"
- Disable HTTP port(s)
- Use a proxy server or proxy firewall for communications with Original WebX clients.
Not recommended:
- Use the default server generated non-trusted web server certificate
- Enable "Allow logon and database writes over non-secure HTTP".