Obseron supports encrypted remote connections by default when remote server is enabled. HTTPS must be toggled on when the web server is enabled.
Obseron generates a self-signed certificate that will be used for both encrypted connections. This certificate can be replaced with a new one from a trusted Certificate Authority.
Remote connection
Encryption policy for the server can be changed from Settings > System > Local server > Encryption policy and for the client from Settings > Remote Connections > [Added remote connection] > Encryption policy. The options are:
Prefer encrypted connections - Server accepts both unencrypted and encrypted connection. Client attempts an encrypted connection but falls back to an unencrypted one in case the encrypted fails.
Only allow encrypted connections - Server accepts only encrypted connection. Client only attempts an encrypted connection.
Never use encryption - Server does not accept encrypted connections. Client only attempts an unencrypted connection.
Server settings
Client settings
The lock icon on the connection status indicates that the connection is encrypted.
Web server
Web server starts with only HTTP enabled by default. This can be changed from Settings > System > Web server > Protocols. The options are:
HTTP only - Server does not accept encrypted connections.
HTTPS only - Server accepts only encrypted connection.
HTTP and HTTPS - Server accepts both unencrypted and encrypted connection.
Changing the certificate
The certificate can be replaced from the configuration folder %appdata%\Obseron\, the certificate is in a server.pem file and it is in PKCS#8 PEM format.
An example on how to convert private.key from PKCS#1 to private_pkcs8.pem (PKCS#8):
openssl pkcs8 -topk8 -inform pem -in private.key -outform pem -nocrypt -out private_pkcs8.pem
Comments
0 comments
Please sign in to leave a comment.