S W G U s e r G u i d e
Chapter 20: Enabling HTTPS Scanning
120
Configuring and Certifying HTTPS
Before HTTPS policy can be effective, you must:
• ensure that HTTPS is enabled in the HTTPS module,
• obtain a certificate, and ensure that it is propagated to the scanners and users.
Scanning server devices have an HTTPS module with pre‐configured settings. You should also make
any desired adjustments to the settings in the HTTPS module.
It is recommended that you perform these HTTPS‐related tasks for Device Default settings, and then
propagate them to the HTTP modules in all Scanning servers
This section contains the following procedures:
•
To configure device HTTPS settings
•
To obtain and propagate an HTTPS certificates
Â
To configure device HTTPS settings
1. Select
Administration
Æ
S
ystem
Settings
Æ
M86
Devices
.
2. Choose
Devices
Æ
Default
Values
Æ
Device
Settings
Æ
HTTPS
. To alter settings for a specific
device, choose
<device_group>
Æ
<device_ip>
Æ
Scanning
Server
Æ
HTTPS
.
3. In the main window, click
Edit
.
4. Select the
Enable
HTTPS
checkbox.
5. If needed, modify the
Listening
Port
value in the
HTTPS
Service
tab.
6. If other configuration adjustments are needed in any of the tabs, perform them. For information
on the fields in each tab, see the
Management
Console
Reference
Guide
.
7. Click
Save
.
8. Continue with the procedure
To obtain and propagate an HTTPS certificates
.
Â
To obtain and propagate an HTTPS certificates
1. If the device tree is not displayed, select
Administration
Æ
S
ystem
Settings
Æ
M86
Devices
.
2. Depending on how you plan to obtain the needed certificate, do one of the following:
• To use an M86‐generated certificate, do the following:
a. Right‐click
Devices
Æ
Default
Values
Æ
Device
Settings
Æ
HTTPS
and choose
Generate
Certificate
.
b. In the
Type
field, select
Self
Signed.
Self
Signed
is the default.
c. In the
Common
Name
field, specify a name for the CA. The name is
mandatory
.
d. In the remaining fields, fill in all relevant data as needed.
e. Click
OK
. Then continue with
Step 3
.
• To obtain a certificate by issuing a Certificate Signing Request (CSR) to an external CA, and
then importing the certificate generated by the CA, do the following:
a. Right‐click
Devices
Æ
Default
Values
Æ
Device
Settings
Æ
HTTPS
and choose
Generate
Certificate
.
b. In the
Type
field, select
CSR
.
c. In the
Common
Name
field, specify a name for the CA. The name is mandatory.