Defining the web server settings

The Web server settings page allows you to configure and manage the following settings:

• Server
• Proxy
• Ports
• Email
• Logging
• Allowlist

Server

In the Server tab, configure the following Server connection and Server protocols settings established during installation.

1. Customize your CES installation by specifying the required Name to identify the CES installation that you are working on. 
   On applying the changes, this name appears in the CES header.

   Important

   The alphanumeric Name field has a character limit of 100 characters, and only allows you to enter A-Z and 0-9. Clicking Apply restarts the server.

2. You can choose to manually restart the web server by clicking Restart server. The user interface displays a confirmation message and also returns you to the same page after the restart.

3. In the Server protocols pane, use the toggle switch to Enable HTTP or Enable HTTPS or enable both protocols, and specify the Port established for the respective protocol.

   Important

   BMC recommends the use of HTTPS so that data transfer is secure.

4. If you want to enforce using CES only on the HTTPS port, you must set the Server protocol to Enable HTTPS, configure the relevant details, and click Apply. The CES server restarts. When the UI is available again, the HTTP Strict Transport Security (HSTS) toggle switch appears. Enable the toggle switch to use CES only on the HTTPS port.

   Info

   HTTP Strict Transport Security (HSTS) is a web policy designed to protect visitors by ensuring that their browsers only contact the web server via HTTPS after initial contact. HSTS accomplishes this by adding the domain to a list that the user's browser keeps internally. Once the domain is added, the browser will enforce HTTPS only on behalf of the web server until it expires after 7 days and will attempt to make any user requested HTTP calls as HTTPS.

   Limitations and consequences:

   Enabling HSTS may prevent some forms of SSL Stripping and Session Hijacking attacks, but comes at the cost of possible future use of HTTP. The web server has no control over the browser's list of domains that requested HSTS to be enabled. Because of this, the web server cannot remove its domain if HSTS is no longer desired. Before enabling HSTS, become familiar with the process of turning it off and weigh its practicality with your organization's needs.

5. (If the Server protocol is Enable HTTPS) Configure the following details in the Server certificate for Java KeyStore pane.
   1. Select the relevant Type, and enter platform-specific values in the subsequent fields:
      • (For Windows or Linux) If Type is Java KeyStore, enter the Location of the Java keystore file (.jks) and the Java keystore Password.

      • (For USS only) If Type is Keyring or Keyring with Hardware CCA, enter the relevant Keyring username and Keyring name.

        Important

        When using CES on Windows or Linux, the Type field with options does not explicitly appear on the UI, and you need to enter only the TrustStore Location on the server and TrustStore Password.

   2. Enter the Certificate alias to identify the certificate.
6. (If the Server protocol is Enable HTTPS) Configure the following details in the Client workstation certificate authentication pane.
   1. Select the relevant Type of certificate authentication.
   2. (If the Client certificate alias is Trust store or Key store) Use the Require client authentication toggle switch to enforce client authentication.
   3. (If the Client certificate alias is Trust store) Select the relevant Type, and enter platform-specific values in the subsequent fields:
      • (For Windows or Linux) If Type is Trust store, enter the Location of the TrustStore on the server and the keystore Password. The TrustStore can be the same as the Java Keystore.

      • (For USS only) If Type is Keyring or Keyring with Hardware CCA, enter the relevant Keyring username and Keyring name. The TrustStore can be the same as the provided Keyring or Keyring with Hardware CCA type.

        Important

        When using CES on Windows or Linux, the Type field with options does not explicitly appear on the UI, and you need to enter only the TrustStore Location on the server and TrustStore Password.

7. Click Apply and restart server.