Define the Ports Settings for Original WebX Clients
This section is primarily associated with Original WebX. If you change the default settings you must also ensure they are registered in IIS to allow certain features in WebX to work correctly. Contact the IIS Administrator if you change the default port settings in this section.
There are two sets of web ports:
- Non-secure web ports—These ports allow a Original WebX client to access ClearSCADA via the standard http protocol.
The standard http protocol is not encrypted. The communications traffic between the client and server can be seen by anybody who has physical access to the network and appropriate network monitoring tools.
- Secure web ports—These ports allow a Original WebX client to access ClearSCADA via the secure https protocol.
The standard https protocol is encrypted. If somebody is monitoring the network, they will be unable to see the content of the traffic between the client and server.
When a web browser accesses a web server via the secure sockets protocol (https), the web browser will request the server's SSL certificate. The web browser uses the information in the certificate to:
- Check that the web browser is communicating with the correct web server
- Establish a secure encrypted connection to that web server.
If an administrative user has not already configured an SSL certificate in the web server, ClearSCADA will automatically create a top-level non-trusted SSL certificate for that web server (see Define the Certificates Settings for Original WebX Clients).
Use the WebX section of the Server Configuration Tool to define the Ports settings for the Web server.
- Define whether the non-secure (http) web server port is available for use by using the HTTP settings in the Ports section:
Either:
- Select the check box for the HTTP port to enable the non-secure port for the Web server. This will provide unsecure access—the data in the traffic between the ClearSCADA server and the Original WebX client is not encrypted and may be susceptible to unauthorized access.
- Enter the number of the port used for the XML Web server in the field next to the HTTP check box. The default setting is 80, but this is often used by other web servers (for example, Microsoft IIS) and so you may need to change it. You should change it to an available port (typically, the high port numbers are available).
Or:
- Clear the check box for the HTTP port to disable non-secure ports for Original WebX.
For maximum security, we recommend that you disable the HTTP Ports and also disable (clear) the Allow Logon and Database Writes Over Non-Secure HTTP check box (see Define the Access Settings for Non-Secure Original WebX Connections).
- Define whether the HTTPS Web server port is available for use by using the HTTPS settings in the Ports section:
Either:
- Select the HTTPS check box to enable secure ports for the Web server. This will provide secure access—the data in the traffic between the ClearSCADA server and the Original WebX client is encrypted and is not susceptible to unauthorized access.
To provide secure access, ClearSCADA generates a top-level non-trusted SSL certificate. This type of certificate causes a warning message to be displayed, which can be distracting to some users. You can stop the warning message from appearing by using a trusted SSL certificate (see Define the Certificates Settings for Original WebX Clients).
- Enter the number of the port used for the Web server in the field next to the HTTPS check box. The default setting is 443, but this is often used by other web servers and so you may need to change it. You should change it to an available port (typically, the high port numbers are available).
There is no standard alternative port address—we recommend that you refer to the Internet Engineering Task Force website at
http://www.IETF.org/rfc
and search for RFC 1700 for details about which port numbers are available.When the secure port is enabled it always returns this port value to be used by the WebX Server. If this port is using a self signed certificate then WebX Server will not display any ActiveX content, for example mimics.
Or:
- Clear the HTTPS check box to disable secure ports for Original WebX.
If you disable both the HTTP and HTTPS ports, Original WebX clients will be unable to connect to the Web server. In addition certain features in WebX will not function correctly.
- Select the HTTPS check box to enable secure ports for the Web server. This will provide secure access—the data in the traffic between the ClearSCADA server and the Original WebX client is encrypted and is not susceptible to unauthorized access.
If communications between the Web server and Original WebX clients are to go via a proxy server or proxy firewall, you will need to map the above Port numbers to the corresponding Proxy ports in the relevant intermediary application. You will also need to specify those settings in ClearSCADA (see Define the Proxy Settings for the Web Server).
When you have defined the Ports settings, you can proceed with the configuration of the other Original WebX settings, such as the Proxy settings. If you do not need to define any other Original WebX settings, you can right-click on the server icon and select the Apply Changes option to implement the changes.