Skip to content

Client Access

The Administration > Client Access page can be used to secure client connections to the system using HTTPS and/or modify the system name which clients will use to access the system.

Warning

If you are configuring HTTPS access for the first time or you are changing the system name, access to the system will be interrupted for several minutes while all of its services are reconfigured and restarted. During this time you will be redirected to a maintenance page. From there, users will be able to access the system using its new URL after all of the services have finished restarting.

HTTPS Certificate

If a certificate and its corresponding private key are uploaded to the Client Access page they can be used to enable HTTPS client connections. Only secure TLS 1.2 connections will be accepted after HTTPS has been configured.

The uploaded host certificate must meet the following requirements:

  • Must be a Base64 encoded PEM file
  • Certificate must not be expired
  • x509 SAN section must contain the System Name that clients will use to connect

The RSA private key of the host certificate must also be provided. Only one private key should be uploaded.

It is recommended, but not required, to upload all of the intermediate Certificate Authority (CA) certificates within the host certificate's chain of trust. Doing so will help ensure that clients will trust connections to this system.

Users will need to reload the website in order for their web browser to start using the new certificate. HTTP connection attempts will be redirected to HTTPS after a certificate has been configured.

System Name

The system name is what users will type into their web browser to access the system. The chosen name must resolve back to the IP address of the host machine. This page uses ICMP to verify the system name. If the application indicates that it cannot verify your chosen name, you may need to follow the System Requirements > Configure DNS Servers instructions.

If the system is currently configured for HTTP access a text input field is displayed where you can specify a new system name.

If the system is configured for HTTPS access name choices will be displayed which are compatible with the uploaded host certificate. If the certificate contains a wildcard a field will be displayed for specifying the wildcard portion of the name.

Warning

If you are configuring your system on an IaaS platform or in a network environment where the external DNS name (system name) does not match the local host name, this page will check the system name by using ICMP. ICMP must be allowed through any external firewalls or proxies in to the UIP instance while saving this page.