Web Configurator certificates backed by a local CA

Use Web Configurator via HTTPS without browser warnings

TopView's Web Configurator documentation provides instructions for generating a self-signed certificate. Because self-signed certificates are not backed by a Certificate Authority, modern web browsers may display warnings of an insecure connection which can easily confuse operators and users of the application.

For production use, especially if the site is exposed publicly, we recommend purchasing a valid certificate from a legitimate Certificate Authority, like DigiCert or Let's Encrypt (letsencrypt.org.

If Web Configurator is on a local network, or within a DMZ, it is possible to generate certificates that browsers will accept without warning.
Self-signing certificates and using a custom CA certificate is inherently insecure and done at your own risk.
You can generate a custom CA certificate and another certificate for Web Configurator using FiloSottile/mkcert: A simple zero-config tool to make locally trusted development certificates.
  1. Download the mkcert tool from the link above onto the TopView/Web Configurator computer
    1. For Windows, you can download the portable exe from the Releases · FiloSottile/mkcert (github.com) page.
  2. Install the CA certificate with mkcert using;
    1. mkcert -install
  3. Generate a PFX certificate for TopView Web Configurator to use. Recommended command:
    1. mkcert -pkcs12 [ip address of TopView computer] [hostname of TopView computer] [...any other addresses by which this site may be accessed]
    2. Note: you can try multiple times to get it right. The password is defaulted to "changeit"
  4. Change the generated certificate's extension to "pfx"
  5. Set Web Configurator to use this new certificate instead of your previous self-signed one.
Then you can install the CA certificate on any client computers that need to access the Web Configurator, this will cause browsers to trust any sites coming in with a certificate backed by the CA certificate.

Follow instructions from Installing the CA on other systems on any computers that will access the Web Configurator.

At this point, you should be able to see the client computer's browser trust the Web Configurator's certificate. You will need to connect via an address specified in the step generating the certificate for the Web Configurator.

This method also works for our recommended MultiTech rCell 100 devices. You can generate modems certificates backed by the CA certificate and client computers will trust the modems as a result.

    • Related Articles

    • Use Gmail for TopView email notification

      The following information provides details on using Gmail with TopView for both outgoing email (Notification) and incoming email (Alarm Acknowledge and information requests). Google offers free Gmail accounts. They include the use of Gmail's outgoing ...
    • MultiTech rCell Modem Test Error: "Could not establish trust relationship for the SSL/TLS secure channel"

      Newer versions of the rCell modem firmware (5.0 and later) have removed the “enable HTTP” settings available in earlier versions of the firmware. We recommend all users configure the modem for HTTPS access only. Known causes of this error: The ...
    • MulitTech certificate "Valid From" time set based on modem time.

      User was getting "Could not establish trust relationship for the SSL/TLS secure channel" error when testing HTTPS connection. User was on Windows 10, so it was unlikely to be due to unsupported TLS version. Double checked the steps to make sure the ...
    • Web server open error: "HTTP could not register URL"

      The TopView Application log may show the following error message: Web server open error: HTTP could not register URL http://+:7170/. Your process does not have access rights to this namespace. Background The TopView Mobile Web App communicates to ...
    • How to improve MultiTech rCell modem performance (SMS)

      This article provides information for users experiencing performance issues with the MultiTech rCell modem used for TopView SMS notification. Symptoms The user cannot log into the modem web UI When logging into the modem web UI, the screens are slow ...