TN 016: DR web portal for HTTPS configuration

ID: 000016 – How well Dream Report fits into secured network environments, in particular for web access over HTTPS.
Q:
How well does Dream Report fit into secured network environments, in particular for web access over HTTPS?
How can I secure HTTP access to Dream Report?
Does Dream Report support HTTPS?
Does Dream Report support SSL certificates?

A:
By default, the web portal is accessible using the following URL: http://DreamReportHostName/DRWeb where DreamReportHostName is the name or IP address of the server running the Dream Report runtime.
This URL uses HTTP, that is, a communication channel with no identification/authentication of the server and no data encryption (unless the channel is opened over a VPN or another special mechanism).


The following procedure describes the steps to secure the communication channel between the web portal server and the client by setting up:
- An SSL certificate on the server (to allow clients to authenticate the server they connect to).
- Data encryption on the channel.


Setting up IIS for the use of SSL
Step 1:
Install the SSL certificate on your IIS server (contact your system administrator for more information). Such a certificate must be issued by a trusted third party, and therefore cannot be supplied directly by Ocean Data System.


Step 2:
Launch the IIS Administration console.
Expand the tree view and right-click the Default Web Site node.

Open the Default Web Site properties, and go to the Directory Security tab.

Click on the Display button to check the SSL certificate.

Note:
In this example, the SSL certificate has been self-issued for a host named Arc5. It is valid from 21/11/2007 to 28/11/2007. This certificate will not be trusted by any of the usual web browsers such as Internet Explorer, Firefox or Opera because it has not been issued by a trusted third party.

Step 3:
Close the SSL certificate display dialog box and click the Modify button to change SSL settings.

In this example, we have activated:
- The use of SSL for server authentication
- Data encryption on the channel
Depending on your security constraints, you may also activate the use of client certificates (contact your system administrator for more information).

Note:
Depending on the list and settings of existing virtual directories, you may be required to validate the changes for some existing objects (inheritance mechanism of IIS).
Validate and close the IIS Administration console.
All settings in this tutorial are based on IIS 6.0, which runs on Windows 2003 Server and on Vista; however, similar settings can be applied to IIS 5.x on Windows 2000 Pro and Server as well as on Windows XP Professional.
IIS versions newer than IIS 6.0 had not been validated at the time this document was released.

Step 4:
Change the definition of the “network.xml” file as shown in the picture below:

Save the project and launch the Dream Report Runtime.


Step 5:
At startup, Dream Report Runtime creates or recreates the virtual directory using the Default Web Site configuration.

The Web Portal is now accessible using the https URL and data are encrypted on the https channel.


Note 1:
In the screenshot, a certificate error is mentioned because the certificate is self-issued and therefore not trusted by Internet Explorer. This would not happen with an SSL certificate issued by a trusted third party. With the self-issued certificate, Internet Explorer also displays a warning page explaining that the server should not be trusted, because the certificate issuer is not trusted and because the certificate was issued for a server named Arc5 while the URL mentions a host named localhost. Accepting this error forces Internet Explorer to exchange data with the server anyway, and therefore to display the Web Portal pages.
Note 2:
Be aware that any virtual directory created using the Default Web Site properties will use the same SSL settings. This is usually what is wanted when securing a web server (there is no reason to secure one virtual directory and not the others).
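
The browser warnings described in Note 1 and in the Step 2 note can be reproduced as a client-side check. This is an added example, not part of the original tech note or of Dream Report. It assumes a certificate already decoded into the dict shape returned by Python's ssl.SSLSocket.getpeercert(); the sample certificate is constructed from the values shown on this page (host Arc5, validity 21/11/2007 to 28/11/2007, times of day assumed), and the function names are hypothetical.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample (not captured from a real server), modelled on the
# page's example: self-issued for host Arc5, valid 21/11/2007 to 28/11/2007.
SAMPLE_CERT = {
    "subject": ((("commonName", "Arc5"),),),
    "issuer": ((("commonName", "Arc5"),),),
    "notBefore": "Nov 21 00:00:00 2007 GMT",
    "notAfter": "Nov 28 00:00:00 2007 GMT",
}

def cert_names(cert):
    """DNS names the certificate covers: subjectAltName first, else the CN."""
    san = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if san:
        return san
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive match; '*' is accepted only as the whole leftmost label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    return all(a == b or (i == 0 and a == "*") for i, (a, b) in enumerate(zip(p, h)))

def check_cert(cert, url_host, now=None):
    """Return the reasons a browser would warn about this certificate."""
    now = now or datetime.now(timezone.utc)
    findings = []
    # Issuer equal to subject: no trusted third party vouches for the server.
    if cert.get("subject") == cert.get("issuer"):
        findings.append("self-issued")
    start = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notBefore"]), timezone.utc)
    end = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    if now < start:
        findings.append("not-yet-valid")
    elif now > end:
        findings.append("expired")
    # The host in the URL must be one of the names the certificate was issued for.
    if not any(name_matches(n, url_host) for n in cert_names(cert)):
        findings.append("name-mismatch")
    return findings

if __name__ == "__main__":
    during = datetime(2007, 11, 22, tzinfo=timezone.utc)
    print(check_cert(SAMPLE_CERT, "localhost", during))  # the Note 1 case
    print(check_cert(SAMPLE_CERT, "Arc5", during))
```

An empty result means none of the three warning conditions applies; with the constructed sample, only a certificate issued by a trusted third party for the host name used in the URL would reach that state.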