HTTPS (TLS) encryption with optional X.509 certificates.
In this
mode, users will be allowed to log into Traction without a trusted client
certificate, but they may use one if it is available.
HTTPS (TLS) encryption with required X.509 certificates.
In this
mode, only users with a trusted client certificate will be allowed to
log into Traction. They will be able to log in with any valid Traction
credentials. Users without a certificate will be denied access.
HTTPS (TLS) encryption with optional X.509 certificates.
In this
mode, users with a trusted client certificate will be allowed to log into
Traction. They will be able to log in with any valid Traction credentials.
Users who don't have a certificate will be treated as Visitor.
The procedure for configuring HTTPS is explained in the section Setting up HTTPS.
The options provided depend on your selection.
When you select TLS encryption, a link appears to the private key manager,
where you can configure a private key and generate a certificate signing
request (CSR).
If you select TLS with Client Auth, a second link appears, to the Trust
Manager, where you can decide what certificates to trust.
Note: Changes to security level
take effect when you press Apply. They do not
require a server restart. After pressing apply, you may need to change
the URL in your browser from http to https, or from https to http.
Note: It is possible
to run Traction on up to 3 ports simultaneously, with different security
settings on each. You might do this to allow unencrypted http access within
your firewall but require https outside your firewall. This can only be
configured by editing the Traction.properties file while the server is
shut down. Please contact Traction support (support@tractionsoftware.com)
for instructions.
