Continued usage of the self-signed SSL certificates created by DataSync

 

The DataSync installation creates a self-signed certificate.  Since the certificate is self-signed and the Trusted Root Certificate is not recognized by any other PC, accessing DataSync from other PCs in the environment requires additional steps on each of these PCs.

After installation, the self-signed certificate is installed and bound to the default port of 9500.  If the installer detects that a certificate has already been bound to port 9500, the existing certificate is left alone and not replaced.  

The self-signed certificate created by the installation can be found in your 64bit installation directory, under the openssl folder.  
The name of the file is called DataSyncWebAPI.crt.
 

The following steps will enable another PC to access the DataSync Angular client.

 

Step 1: Install the certificate under Trusted Root Certification Authorities

1.1. Copy the DataSyncWebAPI.crt from the DataSync server to the new PC.

1.2. Right-click ‘Start’ and select ‘Run’.

1.3. Type in ‘certlm.msc’ and right mouse click on the item and select “run as administrator”.

1.4. Expand ‘Trusted Root Certification Authorities’ in the left pane, right click on ‘Certificates’, select ‘All Tasks’ and then ‘Import’.
certlm_trusted_root_certificates.bmp

1.5. Follow the steps in the ‘Certificate Import Wizard’ to complete the certificate installation.

 

Step 2: Configure Firefox for use with Self-Signed Certificates

Since the trusted root certificate is self-signed, the Firefox browser will still issue a security warning.  Please follow the instructions in the section Configuring Web Browsers for use with Self-Signed Certificates.  

Depending on the Trusted Root Certificate, a freshly installed Firefox browser may display the following warning page when CONNX DataSync is accessed:

Firefox_with_security_warning.bmp
 

If this warning is displayed, you can then press the advanced button and accept the risk of going to the page and continue on to the DataSync site. 

 

To permanently suppress this message and eliminate the need to add an exception for the certificate, Firefox must be configured to allow enterprise root certificates:

Note: This requires Firefox 68.8 or higher.

2.1. Open the Firefox browser.

2.2. In the address edit box type the following:  about:config, this will take you to the following page:

firefox_aboutConfig_warning.bmp
 

2.3. Accept the risk and continue.

2.4. This will take you to the following page:

firefox_aboutConfig.bmp
 

2.5.  In the search field type the following:  security.enterprise_roots.enabled

firefox_security.enterprise_roots_enabled_false.bmp

Your screen may be slightly different depending on your operating system.  The default value for this setting is false.  

2.6. Double-click on this entry to toggle the value from false to true. Note: Firefox may display a value of true for this setting even though it has never been changed.  In this case, change the value to false and then back to true again.

firefox_security.enterprise_roots_enabled_true.bmp

2.7. Close and restart the browser for the change to take place.

2.8. You should now be able to open DataSync without the security warning appearing.