- Install, Upgrade, and Maintenance
- Targetprocess System Requirements
- FAQs about migration from IBM to AWS
- How to switch from Targetprocess On-Site to Targetprocess On-Demand
- How to move Targetprocess from one server to another
- Error after migrating the database from SQL Server 2005 to a newer version
- Share View with external users in On-Premise environment
Restricting use of Targetprocess to HTTPS (HTTP with encryption) increases security against eavesdropping and man-in-the-middle attacks. This can be extremely beneficial for organizations that require additional protection for confidential data and access their Targetprocess instance outside of a company network.
For our on-demand (cloud-based) customers, the secure HTTPS-only scheme is already activated. Our infrastructure team updates SSL certificates over time and manages security settings carefully.
For on-site customers HTTP mode is enabled by default. You may disable HTTP access to TargetProcess and allow only HTTPS. To force secure connection mode you must follow the steps described below:
- Obtain a certificate for your server
- Configure your hosting server
- Configure the Targetprocess application
Obtaining a Certificate
When choosing a certificate, consider the following: Do you want end users to be able to verify your server's identity with your certificate? If yes, then either create a certificate request and send that request to a known certificate authority (CA) such as VeriSign or GeoTrust, or obtain a certificate from an online CA in your intranet domain.
There are three things that a browser usually verifies in a server certificate:
- That the current date and time is within the "Valid from" and "Valid to" date range on the certificate.
- That the certificate's "Common Name" (CN) matches the host header in the request. For example, if the client is making a request to http://www.targetprocess.mycompany.com/, then the CN must also be http://www.targetprocess.mycompany.com/.
- That the issuer of the certificate is a known and trusted CA.
If one or more of these checks fails, the browser prompts the user with warnings.
Self-signed certificates are certificates created on your computer. They're useful in environments where it's not important for an end user to trust your server, such as a test environment.
IIS Web Server Configuration
Import Certificate
You can import a server certificate sent to you by another user or certification authority (CA) or restore a lost or damaged server certificate that you previously backed up. User guides are provided by Microsoft:
- Import a Server Certificate (IIS 7)
- Configure central certificate store, Install and configure the feature (IIS 8)
Binding
Make sure that the web server has a binding for an HTTPS connection. Default port for https:// connections is 443 and default port for http:// connections is 80. However, it is possible to use another ports on your hosting server.
Use the following guide in order to set up SSL on an IIS7 web server.
Targetprocess Application Configuration
In order to make changes to the security settings, you should log into Targetprocess with Administrator account.
Navigate to Settings → Authentication and Security → Security and ensure that the “Allow HTTPS access only” check box is checked.
Also make sure you have the updated Application root URL starting with https:// prefix. The url is specified at Settings → General Settings:
Troubleshooting
Q: I just activated HTTPS-only mode. In my emailed notifications 'See online' links are still in HTTP format which is wrong. When I try to open a link that starts with HTTP, the page waits for 15 seconds and redirects to HTTPS. How do I correct the old links?
A: The address for 'See Online' links in emailed notifications is taken directly from Settings → General Settings → Application root URL value. Please log into Targetprocess with Administrator account and correct the root URL as described above.
Some of your users may still have links that start with http:// in their saved bookmarks. To avoid 15 seconds delay during redirection, either ask them to update the obsolete links, or configure automatic redirection from http:// to https:// mode within IIS settings on the server where your Targetprocess application is hosted.
Q: Since I switched Targetprocess application to HTTPS-only mode, I cannot access it anymore.
A: It is likely that SSL mode is not configured properly for your IIS hosting server. You can revert the HTTPS-only setting back temporarily until the issue with SSL mode is fixed. It is possible to do that directly within the Targetprocess database. Connect to the database using the Microsoft SQL Studio tool. Open the dbo.GlobalSetting table and in the first row update the value in DisableHttpAccess column from 1 to 0.
Still have a question?
We're here to help! Just contact our friendly support team