Security Guide - Using the Default, Non-Trusted Certificate (Configuring Security and Connection Settings for Original WebX Clients)

Using the Default, Non-Trusted Certificate

ATTENTION: This section and associated topics apply to the Original WebX client only.

This topic relates to the HTTPS Support properties that are deprecated and provided as a fallback. The HTTPS Support properties will be removed in a future version of this product.

For improved security, instead of using the settings that are configured in the HTTPS Support section, Original WebX clients are now expected to connect to an IIS reverse proxy which connects to the Listen Port (see Define the Listen Port Settings for Original WebX Clients).

We recommend that you obtain a trusted certificate for use with Original WebX, as trusted certificates offer better protection against unauthorized system access. However, it is possible to use the non-trusted certificate that is generated automatically by Geo SCADA Expert.

You can either:

Obtain a public signed certificate from a zero cost provider.
Create a self-signed certificate.

For more information, see the Geo SCADA Expert Knowledge Base.

NOTICE

SECURITY THREAT

Using a non-trusted certificate could compromise your system security. Installing a non-trusted certificate could compromise your system security. Potentially, it could lead to unauthorized access. For this reason, we strongly recommend that you use a trusted certificate.

Failure to follow these instructions can result in equipment damage.

Non-trusted certificates should only be used if a trusted certificate is not available and your business network is secure. (Although we still recommend that you use trusted certificates, even with secure networks).

If you use a non-trusted certificate, logging on via an Original WebX client will result in:

A Certificate Error page being displayed.
The Certificate Error page warns you that using the non-trusted certificate could compromise system security. It also provides you with two options:
- Click here to close this webpage
- Continue to this website (not recommended).
If your network is secure and you are willing to acknowledge the potential security issues relating to a non-trusted certificate, select Continue to this website (not recommended). You are logged on to Original WebX, which uses the default non-trusted certificate.

Or:

Getting logged on to Original WebX without an error page being shown. This occurs if the Warn On Self-Signed Certificate check box is clear (not selected) in the deprecated HTTPS Support section of the WebX settings on the Server Configuration Tool. For more information, see Define whether the Self-Signed Certificate Warning is Shown in Original WebX.
If no error message is displayed, Original WebX is using the default non-trusted certificate automatically (unless a trusted certificate was in place).