Network and server administration > Configure UI connection

Configure UI connection

Use the Configure UI connection page to specify how browsers can connect to the Activator user interface. Browser connections can be via HTTP, HTTPS or both.

To open the Configure UI connection page, go to the System management page and click the Configure UI connection link in the Related tasks list.

Axway Activator HTTP UI connections are typically made through port 6080. HTTPS connections are typically made using port 6443. You can modify the ports required for both HTTP and HTTP/S access.

If you select to use HTTPS, you must add a server certificate as described in the procedure below. You have options to:

This certificate secures the connection between browsers and the server. If you select HTTPS and require client authentication, you must add the client's trusted root certificate.

This topic includes the following sections:

Configure HTTPS

Use this procedure to configure the server so browsers can log on to the user interface via HTTPS.

  1. Click System management on the toolbar to open the System management page.
  2. Click the task Configure UI connection near the bottom of the page to open the Configure UI connection page.
  3. When you are open this page for the first time, connections via HTTP is configured by default. You can accept the default or add configuration for connecting via HTTPS. You cannot disable connections via HTTP until you have configured HTTPS. Once HTTPS has been configured, you can return to this page and select to have browsers connect via HTTP or HTTPS, or both.
  4. On the General tab, select UI connections made via HTTPS. Port 6443 is displayed by default, however you can change the number as your situation requires.
  5. Optionally, select the Override SSL and TLS cipher suites option for overriding a cipher suite.
  6. Select this option, and use the Add and Remove buttons to specific the cipher suites that are supported for the embedded server. If none are selected, all cipher suites are supported by default. The default is less secure than specifying only certain cipher suites.
  7. The default order in the Available column is the preferred order of use. Once ciphers are moved to the Selected column, you can arrange the order. Activator uses the ciphers in the order they are listed.
  8. Of the many algorithms for encrypting data and computing the message authentication code, there are varying levels of security. Some provide the highest levels of security, but require a large amount of computation for encryption and decryption. Others are less secure, but provide rapid encryption and decryption. The length of the key used for encryption affects the level of security. The longer the key, the more secure the data.
  9. The option for overriding cipher suites enables you to select the level of security that suits your needs and enables communicating with others who might have different security requirements. For example, when an SSL connection is established, the client and server exchange information about the cipher suites they have in common. Then they communicate using the common cipher suite that offers the highest level of security. If they do not have a cipher suite in common, secure communication is not possible.
  10. In versions of Activator earlier than 5.9, cipher suite configuration was handled by a file named sslciphersuites.xml. As data in that file is saved in the database, the custom cipher suite configuration is retained upon upgrading and is displayed in the Selected list under the check box in the user interface. The sslciphersuites.xml file is no longer used.
  11. Click Save.
  12. Select the Personal certificates tab and click Add a certificate to open the certificate wizard.
  13. You can add a self-signed or a CA certificate. The certificate has a public-private key pair. The certificate is used to secure connections between browsers and the server.
  14. If you choose to add a self-signed certificate, you can accept all default values in the certificate wizard.
  15. The steps for adding a server certificate are the same as adding a certificate for a community. See Add a certificate for more information.
  16. After you add a certificate, the General tab displays again.
  17. Select the Personal certificates tab again. The certificate you added in an earlier step is listed. You can click the certificate’s name to display details.
  18. If there is more than one certificate, select the certificate you want as the default and click Save.
  19. On the General tab, check again that UI connections made via HTTPS is selected.
  20. If you are configuring HTTPS and selected Require client authentication, select the Trusted roots certificates tab and add a trusted root certificate.
  21. With this option, the server requires the user's browser to send a certificate back to the HTTPS server. The HTTPS server must trust the certificate returned by the browser client. If a browser user has a CA-issued certificate for authentication, you must at least trust the root CA certificates. If a browser user has a self-signed certificate, the user must export the certificate and public key to a file and give you the file. You then must import the certificate file.
  22. To complete the configuration you must do one of the following:
  23. Inform users of the URL needed to connect from a browser to the user interface. If you use the suggested port of 6443, the URL is:
  24. https://<host>:6443/ui
  25. where <host> is the fully qualified domain name or IP address of the computer running the server.

Switch between HTTP and HTTPS

Once connections via HTTPS have been configured, you can return to the UI configuration page and select to allow browser connections via HTTP or HTTPS, or both.

If you change the configuration, click Save. You also must do one of the following:

Related topics