Legacy Documentation for Statseeker version 5.5.4

Overview

A Statseeker installation includes a configured and enabled web server to deliver the Statseeker User Interface. By default, a fresh install of Statseeker will:

  • Accept both HTTP and HTTPS
  • Redirect all HTTP connection attempts to HTTPS
  • Be configured with a self-signed SSL certificate
  • Have both Token TTL and Refresh periods set to 30 minutes
  • Have the API authentication method set to Token

Enabling HTTPS

By default, currently supported Statseeker versions are installed with both HTTP and HTTPS enabled, and redirect HTTP traffic to HTTPS. Servers installed from earlier versions and then upgraded may still be running in HTTP in some instances.

To enable HTTPS:

  • Select Administration Tool > Statseeker Administration > Web Server Configuration
  • Click Edit (top-right corner)
  • Check Enable HTTPS and click Save

The web server will:

  • Display details of which certificate will be used in the SSL Certificates section
  • Restart in HTTPS mode

Note: modern browsers will:

  • Treat connections to HTTP servers as suspect/insecure and alert the user to the issue
  • Treat HTTPS connections to servers with self-signed certificates as suspect/insecure and alert the user to the issue
  • Cache HTTPS connection records, so once a browser has connected to a server via HTTPS, any subsequent attempt to connect to that domain via HTTP will be redirected to HTTPS by the browser (until the cached record is removed by the user)

Redirect HTTP to HTTPS

The web server configuration allows you to redirect all HTTP connections to HTTPS. To configure this redirection:

  • Select Administration Tool > Statseeker Administration > Web Server Configuration
  • Click Edit (top left corner)
  • Check HTTP Redirect
  • Click Save to confirm the change and restart the web server

Note:

  • HTTP Redirect requires that HTTPS is enabled on that web server
  • If HTTPS is enabled, HTTP requests to the API will be redirected to HTTPS via a 308 response code and some older user agents may not handle this. Update your API scripts to use HTTPS.

Authentication Token Settings

Statseeker offers token-based authentication, with users being authenticated via the following methods:

  • File – authenticated directly with the Statseeker server. The Statseeker admin account (an Apache user account used to manage the Statseeker installation) uses the File authentication method.
  • LDAP – use your existing Active Directory/LDAP authentication to manage access to Statseeker
  • RADIUS – use your existing RADIUS server to manage access to Statseeker
  • SAML – a SAML 2.0 driven single sign-on service, using your existing SAML Identity Provider (Okta, Azure AD, Auth0, etc.) implementation

When employing File, LDAP or RADIUS authentication, the Authentication Token TTL (time-to-live) and Refresh periods are specified in the Web Server configuration.

  • These settings are specified in seconds
  • Tokens expire once their TTL period has elapsed
  • The Refresh period begins once the token’s TTL period has ended
  • Any request made within the refresh period will generate a new token
  • Once a token has expired, and the refresh period has ended, any request made will prompt the user to re-authenticate with Statseeker
  • Statseeker provides for setting default Token TTL and Refresh periods, as well as user specific overrides to these values

Note:

  • The Statseeker admin user account will always use basic File authentication, but additional ‘admin-level’ user accounts can be created and used in preference to this standard server account
  • Only one of LDAP, RADIUS or SAML can be in use with Statseeker at any time; basic File authentication is always available and can be applied on a per-user basis
  • If LDAP, RADIUS or SAML is in use, the Statseeker web server must be configured to use HTTPS (HTTPS is enabled by default on all Statseeker installations)
  • When employing SAML authentication, the token settings defined in Statseeker’s Web Server configuration are only applied to those accounts configured to use basic File authentication (such as the default Statseeker admin account). The tokens used in authenticating via SAML are configured and managed on the Identity Provider side of the integration
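
The TTL and Refresh rules above, worked through as an added example: a model written for this page, not Statseeker code, covering File, LDAP and RADIUS tokens. It assumes that a request inside the TTL leaves the token unchanged and that both period boundaries are inclusive; the names TokenPolicy, classify and simulate and the sample timestamps are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

DEFAULT_TTL = 1800      # seconds; fresh-install default from this page (30 minutes)
DEFAULT_REFRESH = 1800  # seconds; fresh-install default from this page (30 minutes)

@dataclass(frozen=True)
class TokenPolicy:
    ttl: int = DEFAULT_TTL
    refresh: int = DEFAULT_REFRESH

    def for_user(self, ttl: Optional[int] = None, refresh: Optional[int] = None) -> "TokenPolicy":
        """Apply user-specific overrides on top of the server defaults."""
        return TokenPolicy(self.ttl if ttl is None else ttl,
                           self.refresh if refresh is None else refresh)

def classify(policy: TokenPolicy, issued_at: int, now: int) -> str:
    """Outcome of a request at `now` for a token issued at `issued_at`."""
    age = now - issued_at
    if age < 0:
        raise ValueError("request predates token issue")
    if age <= policy.ttl:                    # inside the TTL: token accepted as-is
        return "valid"
    if age <= policy.ttl + policy.refresh:   # inside the refresh period: new token
        return "refreshed"
    return "reauthenticate"                  # TTL and refresh period have both ended

def simulate(policy: TokenPolicy, request_times: List[int],
             login_at: int = 0) -> List[Tuple[int, str]]:
    """Replay request timestamps (seconds) and return (time, outcome) pairs.

    Assumption: a re-authentication prompt is answered immediately, so a
    new token is issued at that same timestamp.
    """
    issued_at = login_at
    timeline = []
    for now in sorted(request_times):
        outcome = classify(policy, issued_at, now)
        if outcome != "valid":
            issued_at = now                  # fresh token from refresh or new login
        timeline.append((now, outcome))
    return timeline

if __name__ == "__main__":
    requests = [600, 1700, 2400, 4100, 8000]   # constructed sample request times
    print(simulate(TokenPolicy(), requests))
    print(simulate(TokenPolicy().for_user(ttl=900, refresh=300), requests))
```

Under this model, the window before a re-authentication prompt is measured from token issue, not from the last request: with the defaults, a request at 1700 seconds followed by one at 3700 seconds is prompted even though the gap between them is only 2000 seconds.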

Editing Authentication Token Settings

Statseeker provides for setting default Token TTL and Refresh periods, as well as user specific overrides to these values.

Edit Default Token TTL and Refresh Periods

To update the default Authentication Token TTL and Refresh settings:

  • Select Admin Tool > Statseeker Administration > Web Server Configuration
  • Click Edit (top left corner)
  • Update the token settings (values are specified in seconds) as needed
  • Click Save

On Save, the Statseeker web server will be restarted with the updated settings applied.

Apply/Edit User Specific Token TTL and Refresh Periods

User specific overrides can be set from within the Statseeker User account, see Editing Users and Updating User Preferences.

Editing the Cipher List

Warning:

  • If the Statseeker cipher list does not contain a cipher shared by the browser’s cipher list, then the web interface will be unreachable via that browser
  • Typically, there is no need to edit this list

This is an advanced feature and should only be used in accordance with well understood requirements to respond to very specific needs.

To edit this list:

  • Select Administration Tool > Statseeker Administration > Web Server Configuration
  • Click Edit (top left corner)
  • Check Override cipher list
  • Replace the content of the displayed cipher list with your required list of comma-separated values and click Close
  • Click Save to commit your changes and restart the web server

SSL Certificates

The Statseeker web interface is delivered via the Statseeker web server. An installed SSL certificate is required for HTTPS connections to the web server, and Statseeker allows you to make use of either a self-signed certificate or a certificate signed by a signing authority.

If Statseeker (version 5.4.2 and above) cannot locate an SSL certificate, it will create a self-signed certificate during the install/upgrade process which can be used for HTTPS connections. You can use this self-signed certificate, upload another existing certificate, or create a certificate signing request to be passed to a signing authority to create a signed certificate.

Creating and Installing a Self-Signed Certificate

To create a self-signed certificate:

  • Select Administration Tool > Statseeker Administration > Web Server Configuration
  • Click Edit (top left corner)
  • Select Self-Signed Certificate from the SSL Certificates > Step 1 drop-down

Field – Description

  • Host name
  • Country name (2 letter code) – Two-character ISO format country code
  • State or province – State or province in which the company is registered/licensed
  • Location (city) – Location/city in which the company is registered/licensed
  • Organization – Legal name under which the organization was registered/licensed
  • Organizational Unit (optional) – The organizational unit within the company e.g. Marketing
  • Email address (optional) – An email address to be associated with the management of this certificate

Note: the certificate also makes use of the server domain as configured during the installation process. This value is retrieved from the server configuration, so there is no need to supply it during certificate configuration.


  • Configure the certificate information as needed and click Save

A confirmation prompt will be displayed, advising you that updating the active certificate will initiate a web server restart. This does not affect Statseeker’s ability to monitor your network but will result in the web interface being unavailable until the restart is complete (typically, 10-30 seconds).

Creating a Certificate Signing Request (CSR)

A Certificate Signing Request (CSR) is required to generate an SSL certificate from a third-party certificate signing authority (CA). A certificate from an established and recognized CA will be interpreted by browsers as a ‘trusted’ certificate and, consequently, your Statseeker server web interface will be treated as a trusted destination.

When creating a CSR, Statseeker first generates a private encryption key, then generates the CSR using this private key. You then pass the CSR on to a trusted CA, and they will supply the signed certificate to use with your server. The resulting certificate is generated to work with your private key. Consequently, Statseeker will prevent the uploading of SSL certificates that have been generated in response to another signing request, i.e. utilizing a different private key.

To create a CSR:

  • Select Administration Tool > Statseeker Administration > Web Server Configuration
  • Click Edit (top left corner)
  • Select Certificate Signing Request from the SSL Certificates > Step 1 drop-down

Field – Description

  • Host name
  • Country name (2 letter code) – Two-character ISO format country code
  • State or province – State or province in which the company is registered/licensed
  • Location (city) – Location/city in which the company is registered/licensed
  • Organization – Legal name under which the organization was registered/licensed
  • Organizational Unit (optional) – The organizational unit within the company e.g. Marketing
  • Email address (optional) – An email address to be associated with the management of this certificate

  • Configure the certificate information as needed and click Save

A confirmation prompt will be displayed, advising you that creating the signing request will prevent the uploading of SSL certificates that have been generated in response to another signing request.

  • Confirm the creation of the CSR by clicking Save

The CSR will be saved to /home/system/etc/ssl_new on the Statseeker server and can now be viewed or saved to the local machine or other network-aware repository. Certificate authorities will allow you to either upload a CSR or paste the content of a CSR into a field. Either way, the CSR will then be used to generate a signed certificate which you can, in turn, download and use to secure your Statseeker server.

Once you have received your signed certificate from the CA, you can upload the certificate to your Statseeker server; see Upload a Signed Certificate.

Upload a Signed Certificate

Your selected Certificate Authority will respond to your certificate signing request with a signed certificate that can be uploaded to your Statseeker server.

To upload a signed certificate to your Statseeker server:

  • Select Administration Tool > Statseeker Administration > Web Server Configuration
  • Click Edit (top left corner)
  • Select Certificate Signing Request from the SSL Certificates > Step 1 drop-down
  • Select Browse, locate and select your signed certificate
  • Click Upload Certificate
  • Once uploaded, click Save to restart the web server

No changes are made to your existing certificate configuration prior to successfully uploading a new signed certificate and then clicking Save. Once you click Save, the existing configuration is discarded, and the new certificate and key will be used by your Statseeker server.

Upload a Signed Certificate and Private Key

This process is used when you have an existing signed certificate and its associated private key. To upload:

  • Select Administration Tool > Statseeker Administration > Web Server Configuration
  • Click Edit (top left corner)
  • Select Upload Certificate and Key from the SSL Certificates > Step 1 drop-down

  • Select Browse, locate and select your private key
  • Click Upload Key
  • Select Browse, locate and select your certificate
  • Click Upload Certificate
  • Once uploaded, click Save to restart the web server

No changes are made to your existing certificate configuration prior to successfully uploading both the key and the signed certificate, and then clicking Save. Once you click Save, the existing configuration is discarded, and the new certificate and key will be used by your Statseeker server.

API Authentication Method

The authentication method used to communicate with the Statseeker API is independent of that used for user authentication with the GUI. The authentication methods available are:

  • Token – (JSON Web Token based authentication) default value for new/fresh installations
  • Basic – (HTTP basic access authentication) default value for servers upgrading from 5.5.3 and earlier

For details on employing these authentication methods in your API requests (including sample code) see API Authentication.
