SG 3.0 HTTPS access

[craigeb78]

Hi, just installed 3.0, and have noticed that all my installs are using https and I'm getting cert errors whenever opening the console.

Where can I adjust the console settings to change this to http or even change the hostname?

Is it possible to disable https through the install process? I didn't see the option.

[sundar_SGS]

Hi,

The SSL certificate used by StoreGrid HTTPS (Secure WebConsole) is a self-signed certificate created/provided by StoreGrid, since the browsers normally allow only trusted certificates, they show up as a warning informing the users that they are entering a website without a trusted certificate. You can ignore this warning and continue using the StoreGrid Secure WebConsole. If you would like to get rid of the warning in the browsers, you can re-configure the StoreGrid webconsole HTTPs port to HTTP.

By default HTTPS will be enabled in the StoreGrid v3.0 installation. You can disable it in the StoreGrid Configuration window during the StoreGrid installation. In the same way, you change it for the existing StoreGrid installation(For Windows), you can disable the HTTPS webserver port by installing the same StoreGrid build on top of the existing installation. During installation you can disable the HTTPS port by clicking on the 'Advanced Port Configurations (Including HTTPS)' link in 'Configure StoreGrid webserver port' wizard.

To re-configure the StoreGrid webconsole HTTPs port to HTTP value in the Linux StoreGrid installation, please follow the steps given below.

1. Stop StoreGrid.
2. Open the file 'config.inc' through editor located in
'<StoreGrid_Home>sgchroot/htmlgui/conf/' and replace '$SG_HTTPS=1;' variable by '$SG_HTTPS=0;' and save the file.
3. Open the 'ssl.conf' file located in the '<StoreGrid_Home>sgchroot/apache/conf/' folder.

a. Search for the following line in the 'ssl.conf' file:
##<IfDefine SSL>

replace the above line with the following line
<IfDefine SSL>

b. Search for the following line in the 'ssl.conf' file :

##</IfDefine>

replace the above line with the following line

</IfDefine>

c. Save and close the 'ssl.conf' file.
4. Start the StoreGrid application.

Regards,
Sundar N,
Vembu Technologies.

[lr]

Would you consider changing this in upcoming release? I mean, a new user does a 'typical' install, then launches the web console. oops, certificate error. Now I have to explain to the new user, just ignore that every time you launch the web console. Doesn't look good really.

OR, I have to tell them to go into the custom install and 'deselect' use https: Another thing to explain (even to some less technical users, this 'seems' like a bad thing), to disable https.

Anyhow, it seems like disabling https should be the 'typical' install, especially when you add the ability for service providers to have some control over user backups through the backup server interface as was discussed in another post. Maybe a future release could allow http or https post install through a single 'tick' in the web interface instead of a complete reinstall.

[kshama]

Hi lr,

Quite frankly not many partners have concerns on having https enabled by default for client web console; in fact most might think this as a secure option. The certificate confirmation alert in the browsers was introduced only recently and many users are probably still not used to seeing these alerts too often.

We will however, definitely look into enabling/disabling this option from the web console itself to make it easier - which will avoid users having to re-install the build.

Regards
Kshama
Vembu Technologies

[craigeb78]

I have to agree. It seems silly to default to an HTTPS interface, when you know it will cause a certificate error. Yes, us techies get these all the time, but they're still annoying and necessitate useless clicking. End users will constantly be concerned by the error.

Is there something I'm missing here that this needs to be default when clicking on the icon on the LOCAL machine? If you're accessing it remotely, then I can understand, and you'll more than likely be accessing it manually correct? At least change the icon and taskbar shortcuts to use non-ssl by default.

Craig Eberly
Versa Vault

[lr]

[kshama]

Hi,

Thanks for your suggestions. I am assuming this concern is primarily for the client builds. We could disable HTTPS by default during installation of client builds. Also, we could provide an option in the Build-O-Matic form (for branded build submission) to decide what should be the default behavior during the installation. We'll make this change in our 3.1 release, expected end of this month.

Deciding based on whether the access is from local machine or not is also a good suggestion and we could look at it in a later release.

We'll would like to hear from others also.

Regards
Kshama
Vembu Technologies

[lr]

yes Kshama, good point. My comments were really only intended for the client build.

[mfinney]

I would not even consider running in non HTTPS mode. The better option to me is to use a valid certificate that could find a trusted root on the Internet, or to have a posted doc explaining to the clients how to install the certificate so they don't get prompted.

[lr]

I think you're missing the point. For the client build, it would be silly to buy/install a cert if you are only accessing it from the local machine. When launching the console on the local mahine, using the local machine's web server, it makes no sense at all to default to https.

[CCSNET]

to be honest it scares end users, there trusting that the product is a secure backup of their data, and the first thing they are presented with is a "THIS IS NOT SECURE" page.

also would you really suggest i tell a customer to by a SSL for each of his 35 laptops we backup. doesn't seem right...