SSL (Secure Sockets Layer) is a standard security technology for establishing an encrypted link between a server and a client – typically a web server (website) and a browser.
SSL is the predecessor of TLS (Transport Layer Security).
SSL allows sensitive information such as login credentials to be transmitted securely. More specifically, SSL is a security protocol.
All browsers have the capability to interact with secured web servers using the SSL or TLS protocol. The so called HTTPS consists of communication over HTTP within a connection encrypted by TLS or SSL. The main motivation for HTTPS is authentication of the visited website and protection of the privacy and integrity of the exchanged data. The browser and the web server need what is called an SSL Certificate to be able to establish a secure connection.
In order to run a Website under HTTPS it is required to buy a certificate for the domain where this Website (e.g. SBC) is running. SSL certificate providers can be found for example at
https://www.sslplus.eu/products/ssl-certificates.html
The SSL certificate will be provided in the form of a PFX file containing the certificate and the private key.
HTTPS (Hypertext Transfer Protocol Secure) provides two major benefits for your SBC installation:
A certified web server can prove to clients that the page they are accessing is a trusted one. If e.g. a “man-in-the-middle” application would try to modify this Website on its way to the customer, the client browser will indicate this illegal change.
All data sent between the client and the server gets encrypted. Even if some “man-in-the-middle” applications attempt to sniff the traffic between client and server, they won't be able to read the actual data being sent. Sensitive data like usernames, passwords, session information etc., are secure.
Once HTTPS is enabled, SBC will only be accessible by HTTPS. Only one certificate can be set for SBC. As HTTPS certificates are only valid for a defined list of domains, it must be ensured to use only those domains for the SBC frontend, otherwise the client browser will display a certificate warning.
In order to prepare SBC and X-pos for being used over SSL the SBC deployment and the X-pos deployment as well contains a SSL configuration assistant.
The Spider Suite SSL Configurator under Start – All Programs – Leica Geosystems – Spider Business Center or Start – All Programs – Leica Geosystems – Spider X-pos executes all required steps to set up SSL support for both web applications, namely:
In order to run the SBC web page or the X-pos API under HTTPS, the existence of a SSL certificate is presumed. This "*.pfx"-file is the only required input parameter for the SSL configu-rator tool. Some pfx-Files require a password which can be entered after selecting the file.
Two possible scenarios need to be distinguished in a distributed installation of the GNSS Spider Suite.
In both cases it is important that the X-pos Server name is configured to the domain that is valid for the certificate. See section System – Infrastructure.