Certificate Overview

For strong security, you can use a server certificate that you purchase from a Certificate Authority (CA) that is trusted by the client operating system. The CA will require a Certificate Signing Request (CSR).

When you install Webspace, there is also an option on the install menu to Install Certificates which allows you to create a certificate.

Important: When using the certificate installed with Webspace and Strong Encryption, you cannot start a Webspace session with the IP address of the WebSpace server. The IP address cannot be used for the host name. Use the Full Computer Name in the URL instead.

Optionally, you can create your own certificate authority as well. There are many third-party applications and systems to assist in the creation and maintenance of a certificate authority that interoperate with the OpenSSL toolkit. These tools should be able to generate signed server certificates for use with Webspace without modification.

How to Install a Self-Signed Certificate from the Webspace Install Menu

  1. To view the installer menu, open the Installfrontend.exe on the install media.
  2. Click the Install Certificates option. The Webspace Certificate Configuration Tool appears.
  3. Leave the defaults, or make changes as necessary to the folder and file names, and so on. After doing any changes in configuration, click Update Configuration.
  4. To generate the self-signed certificates and other steps required for certificate binding, click Create and Bind.
  5. Review the status in the Create Certificates, Import Certificates, and IIS Site Binding sections.
  6. If these sections do not appear to update after the action completes, click the Restart IIS Site option. Sometimes you need to restart IIS to see that the binding that was created.
  7. Close the Webspace Certificate Configuration Tool.

Important Information When Working with a Relay Server

For a Relay Server to work with Strong Encryption, install the Relay Server Root certificate on Webspace Dependent Server and all clients. The Failover Relay Server with Strong Encryption is not supported.

How to Troubleshoot or Repair a Lost/Corrupted Certificate Created from the Webspace Install

  1. From the Webspace install menu, click the Install Certificates option. The Webspace Certificate Configuration Tool appears.
  2. Click Create and Bind. This action regenerates the self-signed certificates.
  3. Review the status in the Create Certificates, Import Certificates, and IIS Site Binding sections.
  4. If these sections do not appear to update after the action completes, click the Restart IIS Site option. Sometimes you need to restart IIS to see that the binding that was created.
  5. Restart the Webspace Certificate Configuration Tool by clicking the Install Certificates option from the installer menu again, and review the status in those sections again.

Example of a Successful Certificate Installation

How to Select the Server Certificate in the Webspace Admin Console

  1. Launch the Webspace Admin Console, and select Tools and then Host Options.
  2. Select the Security tab.
  3. Change the Transport to Encrypted and increase the Encryption to 256-bit AES, if you have a high-encryption license. If not, leave it at 56-bit. The option to increase is only available if your license includes the Strong Encryption option.
  4. In the Certificate field, browse to the Proficy_WSServer.crt created in default certificate folder: C:\Program Files\Proficy\Proficy WebSpace\Programs\ProficyWSCerts\pki (or from whatever the folder it was created) and click OK.
  5. Enable the Notify users when connections are secure for testing purposes.
  6. Click OK.
  7. If you want to start a Webspace session from a different computer, the Proficy_WSRoot.crt certificate file will need to be installed on that system. Copy the Proficy_WSRoot.crt file from the Webspace server folder on local system (by default it is C:\Program Files\Proficy\Proficy WebSpace\Programs\ProficyWSCerts\pki, or whatever folder you chose to create it in), to the destination computer. Double-click the certificate and choose the option to Install Certificate. Install it in the certificate store, Trusted Root Certification Authorities.
  8. Use the Webspace HostName to browse the Webspace session. For encrypted sessions, IP addresses are not supported using the Proficy_WSServer.crt.