Use Secure Web Ports with a Trusted SSL Certificate
Your ClearSCADA system can be accessed via the Internet or a company Intranet. To provide this functionality, ClearSCADA uses web ports.
There are two sets of web ports:
- Non-secure web ports—These ports allow a WebX client to access ClearSCADA via the standard http protocol.
The standard http protocol is not encrypted. The communications traffic between the client and server can be seen by anybody who has physical access to the network and appropriate network monitoring tools.
- Secure web ports—These ports allow a WebX client to access ClearSCADA via the secure https protocol.
The standard https protocol is encrypted. If somebody is monitoring the network, they will be unable to see the content of the traffic between the client and server.
When a web browser accesses a web server via the secure sockets protocol (https), the web browser will request the server's SSL certificate. The web browser uses the information in the certificate to:
- check that the web browser is communicating with the correct web server
- establish a secure encrypted connection to that web server.
If an administrative user has not already configured an SSL certificate in the web server, ClearSCADA will automatically create a top-level non-trusted SSL certificate for that web server.
If the default, server-generated non-trusted SSL certificate is used, the web browser cannot verify the certificate against a trusted authority, so the WebX client will display warning messages when users access the system. The exact warning message depends on the browser, but typically might be "There is a problem with this website’s security certificate". Some users may find these warning messages distracting, although they do not affect their ability to interact with your ClearSCADA system.
If a trusted SSL certificate is used, the WebX client is able to verify that it is connecting to the expected server, and so there are no warning messages shown when a WebX client accesses the secure web server ports.
We recommend that you purchase trusted SSL certificates for your web servers as this will mean that users do not receive distracting warning messages. We also recommend you review your security options and establish appropriate security for your web server.
Recommended security:
- Purchase and install a web server certificate
- Clear the "Allow logon and database writes over non-secure HTTP" setting
- Use a proxy server or proxy firewall for communications with WebX clients.
Maximum security:
- Purchase and install a web server certificate
- Clear the "Allow logon and database writes over non-secure HTTP" setting
- Disable HTTP port(s)
- Use a proxy server or proxy firewall for communications with WebX clients.
We recommend that you do not:
- Use the default server-generated non-trusted web server certificate
- Select the "Allow logon and database writes over non-secure HTTP" setting.
For more information, see Setting Up Security for WebX and Original WebX Clients.
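One way to check a server against the "Maximum security" list above is the following added example, which is not part of the ClearSCADA documentation. It performs the same certificate and host name verification a browser does on the secure port and confirms that the non-secure port no longer accepts connections; the host name and both port numbers are assumptions that you supply for your own system.

```python
import socket
import ssl
import sys


def check_https(host, port, timeout=5.0):
    """Handshake as a browser would: verify chain and host name against the system trust store."""
    ctx = ssl.create_default_context()  # certificate required, host name checked
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return "trusted", tls.version()
    except ssl.SSLCertVerificationError as exc:
        # Server-generated or self-signed certificate, unknown CA, expired, or host name mismatch.
        return "untrusted", exc.verify_message
    except OSError as exc:  # refused, timed out, or the port is not speaking TLS
        return "unreachable", str(exc)


def port_open(host, port, timeout=5.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit(host, https_port, http_port, timeout=5.0):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    state, detail = check_https(host, https_port, timeout)
    if state != "trusted":
        findings.append(f"secure port {https_port}: {state} ({detail})")
    if port_open(host, http_port, timeout):
        findings.append(f"non-secure port {http_port} still accepts connections")
    return findings


if __name__ == "__main__":
    # Usage (all three values are yours): script.py <host> <https_port> <http_port>
    host, https_port, http_port = sys.argv[1], int(sys.argv[2]), int(sys.argv[3])
    problems = audit(host, https_port, http_port)
    for problem in problems:
        print("FAIL:", problem)
    sys.exit(1 if problems else 0)
```

Run it from a machine that uses the same trust store as your WebX clients, since a certificate issued by an internal CA is only "trusted" where that CA's root is installed.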