Index


Overview

A Statseeker installation includes a configured and enabled web server to deliver the Statseeker User Interface. By default, a fresh install of Statseeker 5.4.2+ will use HTTPS and be configured with a self-signed SSL certificate. Statseeker servers which were initially installed from earlier versions may not have HTTPS enabled, as web server configurations are not modified on upgrade.

[top]


Enabling HTTPS

By default, installing Statseeker 5.4.2+ will enable HTTPS, but servers installed from earlier versions (and upgraded to 5.4.2+) may still be running in HTTP.

Note: during the upgrade process to 5.4.2+, Statseeker will generate a self-signed SSL certificate if it is unable to locate another certificate on the Statseeker server.

To enable HTTPS:

  • Select Administration Tool > Statseeker Administration > Web Server Configuration
  • Click Edit (top left corner)

  • check Enable HTTPS and click Save

The web server will:

  • Display details of which certificate will be used in the SSL Certificates section
  • Restart in HTTPS mode
Note: modern browsers will:

  • See connections to HTTP servers to be suspect/insecure and alert the user to the issue
  • See HTTPS connections to servers with self-signed certificates to be suspect/insecure and alert the user to the issue
  • Cache HTTPS connection records so, once a browser has connected to a server via HTTPS, any subsequent attempt to connect to that domain via HTTP will be redirected to HTTPS by the browser (until the cached record is removed by the user)

[top]



Redirect HTTP to HTTPS

The web server configuration allows you to redirect all HTTP connections to HTTPS. To configure this redirection:

  • Select Administration Tool > Statseeker Administration > Web Server Configuration
  • Click Edit (top left corner)
  • Check HTTP Redirect
  • Click Save to confirm the change and restart the web server
Note:

  • HTTP Redirect requires that HTTPS is enabled on that web server
  • If HTTPS is enabled, HTTP requests to the API will be redirected to HTTPS via a 308 response code and some older user agents may not handle this. Update your API scripts to use HTTPS.

[top]



Editing the cipher List

::: WARNING :::

  • If the Statseeker cipher list does not contain a cipher shared by the browser's cipher list, then the web interface will be unreachable via that browser
  • Typically, there is no need to edit this list

This is an advanced feature and should only be used in accordance with well understood requirements to respond to very specific needs.

To edit this list:

  • Select Administration Tool > Statseeker Administration > Web Server Configuration
  • Click Edit (top left corner)
  • Check Override cipher list
  • Replace the content of the displayed cipher list with your required list of comma-separated values and click Close
  • Click Save to commit your changes and restart the web server

[top]



SSL Certificates

The Statseeker web interface is delivered via the Statseeker web server. An installed SSL certificate is required for HTTPS connections to the web server, and Statseeker allows you make use of either a self-signed certificate, or a certificate signed by a signing authority.

If Statseeker (version 5.4.2 and above) cannot locate an SSL certificate, it will create a self-signed certificate during the install/upgrade process which can be used for HTTPS connections. You can use this self-signed certificate, upload another existing certificate, or create a certificate signing request to be passed to a signing authority to create a signed certificate.

[top]


Creating and Installing a Self-Signed Certificate

To create a self-signed certificate:

  • Select Administration Tool > Statseeker Administration > Web Server Configuration
  • Click Edit (top left corner)
  • Select Self-Signed Certificate from the SSL Certificates > Step 1 drop-down

Field Description
Host name
Country name (2 letter code) Two-character ISO format country code
State or province State or province in which the company is registered/licensed
Location (city) Location/city in which the company is registered/licensed
Organization Legal name under which the organization was registered/licensed
Organizational Unit (optional) The organizational unit within the company e.g. Marketing
Email address (optional) An email address to be associated with the management of this certificate
Note: the certificate also makes use of the server domain as configured during the installation process. This value is retrieved from the server configuration, so there is no need to supply it during certificate configuration.


  • Configure the certificate information as needed and click Save

A confirmation prompt will be displayed, advising you that updating the active certificate will initiate a web server restart. This does not affect Statseeker's ability to monitor your network, but will result in the web interface being unavailable until the reboot is complete (typically, 10-30 seconds).

[top]



Creating a Certificate Signing Request (CSR)

A certificate Signing Request is required to generate an SSL certificate from a third-party certificate signing authority (CA). A certificate from an established and recognized CA will be interpreted by browsers as a 'trusted' certificate, and consequently, that your Statseeker server web interface is a trusted destination.

When creating a CSR, Statseeker first generates a private encryption key, then generates the CSR using this private key. You then pass the CSR on to a trusted CA and they will supply the signed certificate to use with your server. The resulting certificate is generated to work with your private key, consequently, Statseeker will prevent the uploading of SSL certificates that have been generated in response to another signing request i.e. utilizing a different private key.

To create a CSR:

  • Select Administration Tool > Statseeker Administration > Web Server Configuration
  • Click Edit (top left corner)
  • Select Certificate Signing Request from the SSL Certificates > Step 1 drop-down

Field Description
Host name
Country name (2 letter code) Two-character ISO format country code
State or province State or province in which the company is registered/licensed
Location (city) Location/city in which the company is registered/licensed
Organization Legal name under which the organization was registered/licensed
Organizational Unit (optional) The organizational unit within the company e.g. Marketing
Email address (optional) An email address to be associated with the management of this certificate
  • Configure the certificate information as needed and click Save

A confirmation prompt will be displayed, advising you that creating the signing request will prevent the uploading of SSL certificates that have been generated in response to another signing request.

  • Confirm the creation of the CSR by clicking Save

The CSR will be saved to /home/system/etc/ssl_new on the Statseeker server, and can now be viewed or saved to the local machine or other network-aware repository. Certificate authorities will allow you to either upload a CSR, or paste the content of a CSR into a field. Either way, the CSR will then be used to generate a signed certificate which you can, in turn, download and use to secure your Statseeker server.

Once you have received your signed certificate from the CA you can upload the certificate to your Statseeker server, see Upload a Signed Certificate

[top]



Upload a Signed Certificate

Your selected Certificate Authority will respond to your certificate signing request with a signed certificate that can be uploaded to your Statseeker server.

To upload a signed certificate to your Statseeker server:

  • Select Administration Tool > Statseeker Administration > Web Server Configuration
  • Click Edit (top left corner)
  • Select Certificate Signing Request from the SSL Certificates > Step 1 drop-down
  • Select Browse, locate and select your signed certificate
  • Click Upload Certificate
  • Once uploaded, click Save to restart the web server

No changes are made to your existing certificate configuration prior to successfully uploading a new signed certificate and then clicking Save. Once you click Save, the existing configuration is discarded and the new certificate and key will be used by your Statseeker server.

[top]



Upload a Signed Certificate and Private Key

This process is used when you have an existing signed certificate and its associated private key. To upload:

  • Select Administration Tool > Statseeker Administration > Web Server Configuration
  • Click Edit (top left corner)
  • Select Upload Certificate and Key from the SSL Certificates > Step 1 drop-down

  • Select Browse, locate and select your private key
  • Click Upload Key
  • Select Browse, locate and select your certificate
  • Click Upload Certificate
  • Once uploaded, click Save to restart the web server

No changes are made to your existing certificate configuration prior to successfully uploading a both the key, and the signed certificate, and then clicking Save. Once you click Save, the existing configuration is discarded and the new certificate and key will be used by your Statseeker server.

[top]