Use Web Configurator via HTTPS without browser warnings
TopView's Web Configurator documentation provides instructions for generating a self-signed certificate. Because self-signed certificates are not backed by a Certificate Authority, modern web browsers may display warnings of an insecure connection which can easily confuse operators and users of the application.
For production use, especially if the site is exposed publicly, we recommend purchasing a valid certificate from a legitimate Certificate Authority, like DigiCert or Let's Encrypt (letsencrypt.org.
If Web Configurator is on a local network, or within a DMZ, it is possible to generate certificates that browsers will accept without warning.
Self-signing certificates and using a custom CA certificate is inherently insecure and done at your own risk.
You can generate a custom CA certificate and another certificate for Web Configurator using FiloSottile/mkcert: A simple zero-config tool to make locally trusted development certificates.
- Download the mkcert tool from the link above onto the TopView/Web Configurator computer
- For Windows, you can download the portable exe from the Releases ยท FiloSottile/mkcert (github.com) page.
- Install the CA certificate with mkcert using;
- mkcert -install
- Generate a PFX certificate for TopView Web Configurator to use. Recommended command:
- mkcert -pkcs12 [ip address of TopView computer] [hostname of TopView computer] [...any other addresses by which this site may be accessed]
- Note: you can try multiple times to get it right. The password is defaulted to "changeit"
- Change the generated certificate's extension to "pfx"
- Set Web Configurator to use this new certificate instead of your previous self-signed one.
Then you can install the CA certificate on any client computers that need to access the Web Configurator, this will cause browsers to trust any sites coming in with a certificate backed by the CA certificate.
Follow instructions from Installing the CA on other systems on any computers that will access the Web Configurator.
At this point, you should be able to see the client computer's browser trust the Web Configurator's certificate. You will need to connect via an address specified in the step generating the certificate for the Web Configurator.
This method also works for our recommended MultiTech rCell 100 devices. You can generate modems certificates backed by the CA certificate and client computers will trust the modems as a result.
Related Articles
Use Gmail for TopView email notification
The following information provides details on using Gmail with TopView for both outgoing email (Notification) and incoming email (Alarm Acknowledge and information requests). TopView supports SSL/TLS for both outgoing and incoming email (for TopView ...How to improve MultiTech rCell modem performance (SMS)
This article provides information for users experiencing performance issues with the MultiTech rCell modem used for TopView SMS notification. Symptoms The user cannot log into the modem web UI When logging into the modem web UI, the screens are slow ...Issue: Incoming SMS message with no sender (MultiTech rCell modem)
This issue can potentially affect TopView v7.2 and earlier users who implement SMS notification using the MultiTech rCell 100 modem. This issue is only related to incoming SMS messages (e.g. alarm acknowledge). Background When TopView pulls incoming ...Web server open error: "HTTP could not register URL"
The TopView Application log may show the following error message: Web server open error: HTTP could not register URL http://+:7170/. Your process does not have access rights to this namespace. Background The TopView Mobile Web App communicates to ...RSLinx OPC Server error "Class is not licensed for use"
After upgrading to TopView version 7.x we are aware of an issue where The TopView Configurator is able to successfully connect to the local RSLinx OPC Server The TopView Engine fails to connect to the local RSLinx OPC Server with error "Class is not ...