7: Services
EMG™ Edge Management Gateway User Guide
129
When an EMG is configured with a SSL certificate that is either a wildcard certificate or associated
with a specific name, in order to establish a Web SSH or Web Telnet session to the EMG unit, the
unit must be able to successfully perform a reverse lookup on any IP address to which Web SSH
or Web Telnet requests are sent. For example, if a unit is configured with a SSL certificate for the
name "EMGXYZ.lantronix.com", and the unit website is being accessed in a browser with "https://
EMGXYZ.lantronix.com", the unit needs to be configured with a name server that will allow the unit
to perform a reverse lookup on the IP address associated with EMGXYZ.lantronix.com. Failure to
perform a reverse lookup on a name may result in name mismatch errors in the browser when it
attempts to open the Web SSH or Web Telnet window.
If you are unable to connect to a Web SSH or Web Telnet session for a reason other than a
browser SSL certificate issue, restarting the SSL server on port 8000 may resolve the connection
problem. This can be done by restarting the web server (with the CLI command "admin web
restart") or by disabling both Web SSH and Web Telnet on the
web page,
and then re-enabling them.
Chrome
- For the greatest ease of use with Web SSH and Web Telnet, when the EMG web
server is using a self-signed SSL certificate, use the Chrome browser. When the user accepts
the self-signed SSL certificate in the browser for the primary EMG website, the self-signed
SSL certificate is accepted for all ports - including port 8000 - for the EMG website.
Firefox
- When accessing the EMG website with Firefox, and when the EMG web server is
using a self-signed SSL certificate, accepting the self-signed SSL certificate in the browser for
the primary EMG website will only accept the certificate for port 443. It will not accept the
certificate for port 8000. This may result in a popup being displayed in the Web SSH or Web
Telnet window indicating that the browser needs to accept a certificate. To accept the self-
signed certificate for port 8000, go to Firefox -> Options (or Preferences) -> Advanced ->
Certificates -> View Certificates -> Servers, and add an exception for the EMG IP address or
hostname, with port 8000.
Internet Explorer
- When accessing the EMG website with Internet Explorer, and when the
EMG web server is using a self-signed SSL certificate, Explorer will grant access to the Web
SSH and Web Telnet terminals if (a) the host name or common name in the self-signed
certificate matches the name (or IP address) being used to access the EMG website, and (b)
Explorer has imported and trusted the self-signed certficate. A custom self-signed certificate
with the EMG name can be generated via the
admin web certificate custom CLI command.
Once the EMG web server has been configured to use the custom self-signed certificate, follow
these steps for Internet Explorer to trust the custom certificate:
In Internet Explorer, browse to the EMG website whose certificate you want to trust.
When you see the message "There is a problem with this website's security certificate.",
choose
Continue to this website (not recommended)
.
In Internet Explorer, select
Tools -> Internet Options
.
Select
Security -> Trusted Sites -> Sites
.
Verify or fill in the EMG website URL in the
Add this website
field, click
Add
, and then
Close
.
Close the I
nternet Options
dialog with either
OK
or
Cancel
.
Refresh the Internet Explorer web page with the EMG website.
When you see the message "There is a problem with this website's security certificate",
choose
Continue to this website (not recommended)
.
Click on the red
Certificate Error
at the right of the URL address bar and select
View
certificates
.