Securing Web Console with a HTTPS Certificate

Securing Web Console with a HTTPS Certificate

Binding a HTTPS certificate to your CurrentWare Server will allow your administrators to securely access the CurrentWare Web Console using HTTPS protocol.

For your convenience, the installer comes pre-shipped with a CurrentWare SSL certificate called console.currentware.app. It is installed during the cwServer installation. Follow the steps below to configure this SSL certificate on your cwServer.

Due to certain security restrictions with Firefox and Microsoft Edge, this guide is only compatible with Google Chrome.



1. Binding the console.currentware.app Certificate to your cwServer’s IIS (RestAPI & WebConsole)

  1. From the Start menu, type in IIS and click Internet Information Services (IIS) Manager.
  2. In the Internet Information Services (IIS) Manager, under Connections, expand your server’s name, expand Sites, and select RestAPI.
  3. In the Actions menu (on the right hand side), select Bindings
  4. The next step is a bit delicate.
  5. Add a new Site Binding.
  6. Select Type: https
  7. For IP Address, leave it as All Unassigned.
  8. Put Port: 443
  9. Select SSL certificate: console.currentware.app
  10. Click OK

  1. Select the existing http binding with port 8997 and click Remove*
  2. Modify the https that you just created and update the port to 8997
  3. Go back to the Internet Information Services (IIS) Manager and select Sites > WebConsole. (Repeat the same step for WebConsole but use port 8998 instead of 8997).
  4. In the Actions menu (on the right hand side), select Bindings
  5. The next step is a bit delicate.
  6. Add a new Site Binding.
  7. Select Type: https
  8. For IP Address, leave it as All Unassigned.
  9. Put Port: 443
  10. Select SSL certificate: console.currentware.app
  11. Select the existing http binding with port 8998 and click Remove*
  12. Modify the https that you just created and update the port to 8998 (don’t use 8997!)

*NOTE: The original HTTP (not HTTPS) entries are holding on to port 8997 and 8998. You cannot overwrite it with the new HTTPS binding. You must delete the HTTP entries first before you add the new HTTPS bindings. It is not recommended to have multiple bindings.


2. Modifying the app-config.JSON file on your CurrentWare Server

To get the CurrentWare Web Console to use the HTTPS certificate, you will need to update the app-config.json to point to the new domain.

On the cwServer computer, browse to C:\Program Files (x86)\CurrentWare\cwWebConsole\WebConsole\. Open the app-config.JSON file in notepad.

Option 1: Accessing Web Console inside your LAN only

Update the app-config file to include the SSL certificate of the CurrentWare Web Console.

{“API_URL”:”https://console.currentware.app:8997/api/”}

Option 2: Accessing Web Console inside and outside your LAN

Update the app-config file to include the public IP address of your CurrentWare Web Console.

{"API_URL":"https://XXX.XXX.XXX.XXX:8997/api/"}
User accessing the Web Console from outside your LAN will see the "Not Secured" icon on their browser's address bar. 

3. DNS Mapping

After the currentware.app certificate is configured successfully onto your cwServer, you will need to configure your computer or router to map the CurrentWare Web Console domain to your public IP address.

There are two ways to to this:

  1. Editing the hosts file locally on your computers
  2. Editing the DNS Server on your network devices (i.e. Router / Modem)

Note: Users accessing the web console from outside the network will encounter a security warning from Chrome (“Not Secured”). They must also update the host file on their computers to get past the login.

Option 1: Edit Your Hosts File locally

Use the hosts file to map the currentware.app domain to your server’s IP address. When you type in currentware.app on your computer, it will automatically point to the IP address of your CurrentWare Server.

You will need to modify the hosts file on all of your IT administrator’s computers.

  1. On your computer, browse to C:\Windows\System32\drivers\etc\.
  2. Right click on the hosts file and select Open with > Notepad.
  3. Add the following entry to the bottom of this file.

Public IP address or LAN IP address* console.currentware.app


*Use a public IP address if you are accessing the web console from outside the network. Use an internal IP address if you are accessing the web console from your LAN only.

  1. Save the hosts file. If it says you don’t have permission to save this file, you can save it in a different location and copy it over to the folder and overwrite it. When you’re saving the hosts file, make sure you select “All Files” as the Save as type and NOT txt. If you save the hosts file as txt, the DNS mapping will not work.

Do you have users accessing the Web Console from outside your LAN?

You will need to update the host file on every console computer outside your LAN in order to access the web console using this method.


Option 2: Modifying the DNS settings on your router

Instead of editing the hosts file on your computers, you can opt to modify the DNS settings on your router. By doing this, you are asking your router to resolve the domain, currentware.app, to the IP address of your CurrentWare Server. This can be done by visiting your router configuration page.

Every router configuration is different. Follow your router’s user guide to find out how to modify the DNS settings.


4. Accessing the Web Console

Now you’re ready to launch web console with the newly binded HTTPS protocol. Open your favorite web browser and type in the following URL:

https://console.currentware.app:8998

Update the Desktop Shortcut to the CurrentWare Web Console

The existing CurrentWare Console shortcut on your desktop will become invalid. Right click on it and select Properties. Under the Shortcut tab, modify the Target to point to this location:

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://console.currentware.app:8998/

Summary

StepsAccessing Web Console inside your LAN onlyAccessing Web Console inside and outside your LAN
1. Binding the console.currentware.app certificateBind 8997 to Rest API
Bind 8998 to WebConsole
Bind 8997 to Rest API
Bind 8998 to WebConsole
2. Modifying the app-config.JSON Use the domain name: {“API_URL”:”https://console.currentware.app:8997/api/”}Use the public IP: {“API_URL”:”https://XXX.XXX.XXX.XXX:8997/api/”}
3. Edit Your Hosts FileEdit the Hosts file on every console computerEdit the Hosts file on every console computer
4. Accessing your Web Consolehttps://console.currentware.app:8998From inside your LAN, browse:
https://console.currentware.app:8998

From outside your LAN, browse:
http://XXX.XXX.XXX:8998

Related KB article: Updating the console.currentware.app certificate for securing your CurrentWare Web Console


    • Related Articles

    • Update the console.currentware.app certificate

      Related KB article: Securing Web Console with a HTTPS Certificate Download the updated console.currentware.app certificate from https://www.currentware.com/downloads/files/console.currentware.app.zip Go to start menu > type in mmc > Launch mmc.exe Go ...
    • Enable the HTTPS Certificate in Firefox

      Firefox has some default restrictions that are different from Edge, Chrome, and other browsers. This causes issues when pages try to load a locally hosted HTTPS certificate. Please follow these steps to resolve Step 1: Enabled Security Enterprise ...
    • Web Console Login Issues

      When the CurrentWare Web Console is not configured properly, you will encounter the error message "Error connecting to the server." 1. Clear your Browser Cache Why does my Web Console login screen open on one web browser but won’t open on a different ...
    • Accessing Web Console Over a Public IP Address

      Once you have CurrentWare Web Console installed on your computer, you can make it accessible to other admins outside the company’s network by performing the following configurations: Configure Port Forwarding Update your app-config.JSON file 1. ...
    • ERR_CONNECTION_RESET error while accessing the Web Console

      Starting from version 8.0.1, the Web Console ensures secured access by using the HTTPS protocol. If you encounter an error message while attempting to access the web console, stating “This site can’t be reached. The connection was reset,” accompanied ...