Proofpoint | ObserveIT On-Premises Insider Threat Management

Enabling SSL/TLS on the ObserveIT Application Server/Web Console Server

When logging on to the Web Console, ObserveIT Console Users enter their credentials in the form of a user name and password. To secure this information and all traffic between the client machine and the server running the ObserveIT Web Console, it is recommended to use either the SSL (Secure Sockets Layer) or TLS (Transport Layer Security) encryption protocol. You can do this by enabling SSL/TLS on the ObserveIT website, and then configure usage on the ObserveIT virtual directory that is used by the ObserveIT Web Console.

Before working with TLS you must configure it to work in ObserveIT. For details, see Configuring ObserveIT to Use TLS for Securing Traffic.

In addition, to enable SSL/TLS encryption between the ObserveIT Agents and the ObserveIT Application Server, once SSL/TLS is enabled on the ObserveIT website, you can configure SSL/TLS usage on the ObserveIT virtual directory that is used by the ObserveIT Application Server. In this way, all traffic between the ObserveIT Agents and the ObserveIT Application Server will also be protected by using SSL/TLS encryption.

In most cases, the ObserveIT Application and Web Management Server components are installed on the same server; however, some clients prefer to install them separately on different servers.

To enable SSL/TLS on the Application Server that hosts the ObserveIT Web Console

  1. Create a digital certificate request by using the Internet Information Services (IIS) Manager MMC snap-in.

  2. Submit the digital certificate request to a Certificate Authority (CA) by using an online process or Web enrollment form, or by sending a text file containing the request to the CA.

  3. After the CA has approved your request, issue and download the digital certificate.

  4. Install the digital certificate on the ObserveIT website using the Internet Information Services (IIS) Manager MMC snap-in.

  5. Configure the ObserveIT virtual directory to require SSL/TLS.

To enable SSL/TLS on the computer that is used to access the Web Console

  1. Configure the ObserveIT Web Console shortcut (or favorite) to use SSL/TLS to communicate with the Web Console. This is done by changing the URL used from HTTP to HTTPS.

  2. Potentially, if using an internal CA for the digital certificate, you might need to configure these computers to trust that CA. This is done by importing the CA's root certificate to the computer(s) that will access the SSL-enabled website.

For further details, refer to the relevant Microsoft Knowledge Base articles, in particular: "There is a problem with this website's security certificate" when you try to visit a secured website in Internet Explorer.

 

version 7.12.3