Date printed: 12-02-2023 Last updated: 02-23-2022
To view our complete support knowledge base and most current version of this article visit support.timeips.com.
The Enterprise Enhanced Security Module (IPSSEC) adds client data encryption, secure web pages, enhanced firewall protection, and custom or auto-generated SSL certificates for added network security.
Most modern web browsers now show a security warning for any site not using SSL (HTTPS) mode. To have TimeIPS operate in HTTPS mode, an SSL certificate is required.
TimeIPS can generate a self-signed certificate. This is a good way to test SSL/HTTPS without the cost/hassle of a signed certificate. For small installations where only a handful of employees access TimeIPS, this may be suitable for a permanent configuration. However, most production environments will prefer a signed certificate to avoid browser warnings and the need to manually accept the self-signed certificate on each browser.
There are two ways to install a signed certificate for TimeIPS.
Further details on the two options follow:
Once you have a certificate installed, the option to view the Certificate Signing Requst (CSR) will appear. Click the link to expand the area and show the CSR so it can be copied and pasted to a signing authority.
The exact steps are a little different for each signing authority, but generally, you'll be presented with a web page were you can paste the CSR and submit it. The process of creating a signed certificate is usually just a few minutes. Some authorities will allow downloading the certificate immediately. Others will email the certifitcate. The signing authority may ask about the environment where the certficitcate will be used. If so, specify that you need to have the certificate in a format for use with the Apache 2 Web server.
If the signing authority provides the signed certificate by email, or on a web page, you'll need to copy-paste into a simpe text file, using a text editor such as notepad. Save the files so they can be selected by clicking the Browse... button in TimeIPS.
If the signing authority provides a Chain File, make sure it's also in a file. Click Browse... and select it as well.
Then, click "Upload Certificate." This will replace the self-signed certificate with the signed certificate. It may be necessary to close and reopen your web browser to have this take effect and show the site as secure.
Using a self-signed certificate:
If you chose to Generate a new certificate it will be "self-signed." This means that web browsers will not automatically know it's a valid certificate. To continue using this, you must manually acknowledge that you trust the certificate on any browser that will access TimeIPS.
Starting with recent version of Firefox, password entry fields may show a warning if https mode is not used. To resolve this issue, either use IPSSEC and access TimeIPS via https, or disable the warning in Firefox.
To disable the warning, enter "about:config" in the url box for Firefox. A notice may appear, click to continue. Then, enter in the search box:
Double-Click the "value" box and set it to "false"