Title: Security Level

Traction supports four encryption modes:

  1. No encryption, the default.

  2. HTTPS (TLS) encryption.

  3. HTTPS (TLS) encryption with optional X.509 certificates. In this mode, users will be allowed to log into Traction without a trusted client certificate, but they may use one if it is available.

  4. HTTPS (TLS) encryption with required X.509 certificates. In this mode, only users with a trusted client certificate will be allowed to log into Traction. They will be able to log in with any valid Traction credentials. Users without a certificate will be denied access.

  5. HTTPS (TLS) encryption with optional X.509 certificates. In this mode, users with a trusted client certificate will be allowed to log into Traction. They will be able to log in with any valid Traction credentials. Users who don't have a certificate will be treated as Visitor.



The procedure for configuring HTTPS is explained in the section Setting up HTTPS.

The options provided depend on your selection.



When you select TLS encryption, a link appears to the private key manager, where you can configure a private key and generate a certificate signing request (CSR).



If you select TLS with Client Auth, a second link appears, to the Trust Manager, where you can decide what certificates to trust.



Note: Changes to security level take effect when you press Apply. They do not require a server restart. After pressing apply, you may need to change the URL in your browser from http to https, or from https to http.

Note: It is possible to run Traction on up to 3 ports simultaneously, with different security settings on each. You might do this to allow unencrypted http access within your firewall but require https outside your firewall. This can only be configured by editing the Traction.properties file while the server is shut down. Please contact Traction support (support@tractionsoftware.com) for instructions.





Attachments:
image574.gif
image575.gif
image576.gif
Related Articles
referenced by (1)
Article: Doc239 (permalink)
Date: March 22, 2008; 4:16:30 PM Eastern Daylight Time

Author Name: Documentation Importer
Author ID: importer