How to Configure HTTPS in TrueConf Server

Alina Krukova
April 20, 2016
Alina Krukova

Why do you need HTTPS connection

HTTPS – is a protocol based on SSL and TLS encryption standards. It provides a safe connection between a browser and web server and protects it against attacks associated with wiretapping and interception of network traffic. Such a protection can be provided only with a help of encryption means and trustworthy certificate.

HTTPS and WebRTC

It is essential to have a secure communication channel for fully featured connection to conferences organized on TrueConf Server via WebRTC in Chrome browsers (starting from version 47). It is a requirement of browser security policy when using microphones and cameras. Insecure communication channel allows joining the conference only for viewing.

Secure channel of communication is required for successful server synchronization when connecting to TrueConf Directory. Learn more in our blog post

How to Set Up a Secure Connection

To set up a secure connection, a server administrator needs a certificate file in X.509 format and corresponding private key file.

In TrueConf Server’s web interface you can download a commercial certificate or create free self-signed certificate using our programme.

Commercial certificate

Advantages: A fully featured commercial certificate does not require any additional operations with end-user machines because browsers trust to the publisher who has signed it.

Disadvantages: Such certificates are paid only.

Go to the HTTPS tab of the web interface (TrueConf Web Manager) and choose the “Use custom certificate” mode in “HTTPS configuration” block:

https_configuration

A new field “HTTPS port” will become available after this:

https_port

The standard TCP port 443 is set in this field by default. You can also change it to the port that will obey to web server for operation via HTTPS protocol.

Downloading the Certificate:

Go to the Custom certificate block and click the Choose file button in the fields Certificate file and Key file. Click Upload when the files are chosen.

Certificate format, key format and key compliance with certificate are verified during downloading. If at least one check has failed, then certificate and key files will not be saved.

Self-signed Certificate

Advantages:

  • It is generated for free from web interface (TrueConf Web Manager) for 365 days;
  • It can be prolonged for unlimited period;
  • It enables WebRTC testing without fully featured certificate acquisition.

Disadvantages:

  • It requires manual setting of root certificate at all client machines which are supposed to use HTTPS and WSS;
  • The process of root certificate setting is different for Chrome and Firefox.

Go to the Self-signed certificate block and click the Create new SSL certificate button:

create_new_ssl

When certificate is generated the HTTPS settings page will change its appearance:

self_signed_certificate_437_big

To download a ready certificate click Download ca.crt.

Distribute the certificate among users who want to join your conference via secure connection.

To prolong a validity period of an existing self-signed root certificate for one more year or to update the company information simply click the Create new SSL certificate button at the same page. A new certificate signed by the previous root certificate will be generated (if the previous certificate was not expired).

Configuration Check Upon Certificate Downloading / Generation.

Web server at start uses HTTPS working settings. Incorrect port information and certificate parameters may be the reason for web server failure and the administrator will lose access to the Web Manager. In this regard, it is necessary to provide a thorough check of set parameters.

To initiate HTTPS configuration checks without server restart simply click the Test configuration button.

Verification steps:

  1. HTTPS port availability for its use by the Apache web server.
  2. Certificate file compliance with X.509 format.
  3. Verification of the file specified as a private key.
  4. Private key compliance with certificate.

If configuration is correct, the Configuration is successfully tested message will appear at the top of the HTTPS page. Click Apply to save the configuration file with specified parameters and further web server restart.

If you see the “The port is already in use or blocked” message on the top when you have specified the port and pressed “Test configuration”, enter any HTTP port in appropriate field and click again “Test configuration”. Should the problem comes again, please contact our technical support over the phone: 1-347-878-3263.

How to disable HTTPS?

Choose the Disable HTTPS parameter in drop down list and use the following settings:

disable

How to connect to WebRTC conference in Chrome 52?

Starting problems of WebRTC conference in Google Chrome 52 or greater are solved in 4.3.7.12219 build. Update your server version by clicking download below:

 

https://trueconf.com/downloads/trueconf-server/#download