All Collections
Documentation and help
EdgeVis Server
EdgeVis Server Setup Guide
EdgeVis Server setup guide Chapter VI: Advanced server configuration
EdgeVis Server setup guide Chapter VI: Advanced server configuration

This chapter explains how to perform advanced configuration of the server (including the use of SSL and alarm management messaging).

Updated over a week ago

Using an SSL certificate with the web management portal

Introduction to SSL

SSL is a protocol that secures the link between a web browser and the server where a web page resides. It has two functions:

  • Encrypt the traffic between the browser and the server so that no one can eavesdrop on it.

  • Verify the identity of the server communicating with the browser. This ensures that no one can pretend to be the server and intercept communications meant for it.

The protocol uses digital certificates to perform these functions. These both communicate the encryption keys required to encrypt the traffic and a signature of those keys that verifies the server’s identity. Certificates also have a limited lifetime, after which they will expire and will need to be renewed.

EdgeVis Server only allows access to the web interface using SSL. By default, a certificate is generated during installation. This certificate, referred to as a ‘self-signed’ certificate, can provide the required keys and enable encryption of the link. However, the signature is not from a trusted source and the web browser will report it as insecure.

There are two options for supplying a trusted SSL certificate for EdgeVis Server:

  1. Automatically using the Let’s Encrypt service. This is a free, third-party service that automatically generates valid certificates for web servers that are accessible over the public internet. EdgeVis Server can use this service to automatically create and renew certificates.

    Note: Be aware that Let’s Encrypt is a third-party service. Digital Barriers cannot guarantee the security or availability of this service.

  2. Manually using a third-party or internal Certification Authority (CA). It is possible to upload a certificate that has been generated using an internal or third-party CA to EdgeVis Server. This allows using certificates from Microsoft Active Directory or an external service like DigiCert or Verisign.

Setting up EdgeVis Server to use Let’s Encrypt

To be able to use a Let’s Encrypt certificate, the EdgeVis Server deployment must meet these requirements:

  • The server must be accessible via the public internet. The server must be directly connected to the internet or behind a firewall that is configured to allow the server to connect to the Let’s Encrypt service over port 443.

  • Let’s Encrypt must be able to access port 80 on the EdgeVis Server. This port is used by Let’s Encrypt to verify that the server is available on the DNS name it is claiming the certificate for. Note: EdgeVis Server will only open this port while doing the initial certificate request and when renewing the certificate (once every 2 months).

    • If EdgeVis Server is behind a firewall port 80 must be allowed through that firewall and forwarded to EdgeVis Server.

    • Port 80 must not be used by any other software running on the same machine as EdgeVis Server.

    • If EdgeVis Server is installed on Linux, the user that it is running as must be allowed to use port 80. Normally this is restricted to root. However, some Linux installations allow configuration for other users to use this port.

  • The server must have a public DNS name assigned to it. For example, it will be accessible using a DNS address, e.g. ‘https://server.company.com:9443/, and not a raw IP address, e.g. ‘https://192.168.0.1:9443/’. This must be set up using a third-party service, e.g. GoDaddy or Netnames.

  • Let’s Encrypt requires a valid E-Mail address to be supplied along with certification requests. This address will be stored by Let’s Encrypt and associated with the requests made by EdgeVis Server.

  1. Collect the required information:

    1. The (already registered) DNS name to be used by EdgeVis Server
      (e.g. server.company.com)

    2. An E-Mail address to be sent to Let’s Encrypt with certificate requests

  2. From the Server Home Page go to Advanced Settings -> SSL configuration

  3. Select Let’s Encrypt SSL Certificate

  4. Enter the information from Step 1 into the form and submit the form to begin the process.

  5. The server will attempt to obtain the certificate

  6. If successful, refresh the web browser and it should report the connection as secure (clicking on the padlock in the address bar should show the certificate’s information and show that it was created by Let’s Encrypt).

Using an Externally Generated Certificate

To use an externally generated certificate with EdgeVis Server the certificate must meet the following requirements:

  • The certificate must be valid for the address used to access EdgeVis Server. For example, server.company.com in https://server.company.com:9443/.

  • It must be an x509 certificate in base64 format. These are text files that begin with this line:

    -----BEGIN CERTIFICATE-----

  • A Private Key that goes with the certificate. It must be an RSA PKCS8 key in base64 format and should be a minimum of 2048 bits in length. These are text files that begin with this line:

    -----BEGIN RSA PRIVATE KEY-----

(Optional) Step 1 – Generate request files

EdgeVis Server can generate a private key and a Certificate Signing Request. The key generated is 4096 bits in length and the certificate request will create a certificate, which is valid for two years. This step is not required, but can make it easier to generate a valid certificate:

  1. Collect the required information:

    1. Address assigned to EdgeVis Server in the certificate

      (For example server.company.com)

    2. Subject information for the certificate. The need for each of the following fields and what should go in them is dependent on the service generating the certificate. The available fields are:

      1. Organisation – the company or organisation legal name.

      2. Unit – the department or divisional name.

      3. Locality – the city where the department is based.

      4. State – the state or county that the city is in.

      5. Country – the two-letter code for the country that the city resides in.

  2. From the Server Home Page go to Advanced Settings -> SSL configuration.

  3. Select Generate a Private Key and CSR.

  4. Fill in the required information from step 1 into the form and select Generate new key

  5. The server will then generate the following two files, that will be downloaded by the web browser:

    EdgeVis-Server-SSL-Certificate-Request.txt – this contains the Certificate Signing Request to be given to the service that will generate the certificate.

    EdgeVis-Server-SSL-Private-Key.txt – this contains the private key that goes with the certificate.

  6. Send the Certificate Signing Request to the service or person responsible for generating the certificate.

  7. Receive the signed certificate back.

Note: The private key must be backed-up and kept secure. If the private key is lost, then the certificate cannot be used to rebuild the server in the event of failure. The private key can be used by an attacker to eavesdrop on connections secured with the certificate if it is stolen. This key is not to be sent to the service generating the certificate.

Step 2 – Upload the certificate

Uploading a Certificate and Private Key to EdgeVis Server:

  1. Collect the required information:

    1. Address assigned to EdgeVis Server in the certificate
      (For example server.company.com)

    2. The Certificate and Private Key files in the correct format.
      If the certificate was generated using a request and key generated by EdgeVis Server, the two files required are the certificate that came back after submitting the request and the EdgeVis-Server-SSL-Private-Key.txt file downloaded when generating the request.

  2. From the Server Home Page go to Advanced Settings -> SSL configuration.

  3. Select Set up SSL from the Advanced Server Actions menu available at the top right of the Server Status

  4. Select Upload Certificate.

  5. Ensure that the Domain field has the address from Step 1.a in it.

  6. Browse to the Private Key and Certificate files in the other two fields in the dialog.

  7. Select Upload

  8. Reload the web browser, which should now report the connection as secure.

Note: All certificates have a limited lifetime. Check how to get a renewed certificate from the generating service or person. Once renewed, the new certificate must be uploaded using the same procedure.

Messaging Configuration

EdgeVis Server supports sending notifications on alarm events via Mobile Push, SMS and E-Mail. This allows users of the system to receive alarm notifications - even when they are not using EdgeVis Client.

This section provides guidance on how to set up and configure each of these methods of communication.

Note: Be aware that each of these services will send alarm notifications through third-party services. Digital Barriers can not guarantee the security or speed of delivery of any notifications sent through these mechanisms.

Mobile Push Notifications

Using Mobile Push Notifications, EdgeVis Server is able to send notifications to a user’s smart phone. This is a free service offered by Digital Barriers and provided using Amazon Web Services. It is disabled by default and requires a server administrator to enable it. Once enabled it applies to all domains.

Server settings for push notifications

The push notification service uses Amazon Web Services, which requires that the EdgeVis Server meets the following requirements:

  • It must be able to reach Amazon’s servers at sns.eu-west-1.amazonaws.com using HTTPS on port 443.

  • Any filtering/proxy of web traffic from the server mustn’t alter/delay the requests going to Amazon’s servers.

To enable/disable push notifications:

  1. From the Server Home Page go to Advanced Settings -> Messaging configuration

  2. Select Mobile push notifications

  3. Check the Enable Mobile Push Notifications check box to enable the service.

Registering users for push notifications

When the user logs in to the server using EdgeVis Client for iOS or Android, the device is automatically registered and assigned to the user. Once registered the device will receive notifications under the following conditions:

  • Any alarm rule notifications assigned to this user are sent to all their device(s).

  • If the user logs in using multiple devices, then all of those devices will receive push notifications.

  • If the device is used to log in to another server then notifications will be received from both servers.

  • If another user logs in using the same device, they take ownership of the device and only their notifications from that server will be received.

  • Uninstalling EdgeVis Client will stop notifications on the device. The device will need to log in and register again to start receiving notifications after the client is re-installed.

  • If the notifications setting is disabled for EdgeVis Client on the device, no notifications will be received until they are re-enabled. (See device manufacturer’s documentation for details)

  • The device’s behaviour on receiving a notification will be dependent on how it has been configured. For example, no ring tone will play if the device is set to silent.

To view the devices registered to a user, go to the user’s page within EdgeVis Server, then click the Push notifications button. The user themselves can see their list from the Settings menu within EdgeVis Client.

SMS Text Message Notifications

Using SMS, EdgeVis Server can send notifications to any phone number capable of receiving SMS text messages.

Note: In EdgeVis Server 7.2 and below, this service was implemented using the Cardboardfish messaging platform. The Cardboardfish platform has been acquired by Sinch and is no longer allowing new users to use the Cardboardfish interface. The settings for Cardboardfish will be preserved for existing users, however, we strongly recommend migrating to a provider that allows access via SMPP.

Server settings for SMS

This feature requires access to an SMS provider that supports sending messages using the SMPP protocol. There are a number of commercial providers who offer this service, usually charging by the message.

Requirements for service provider:

  • Must support an alphanumeric sender (e.g. “EdgeVis Server” or “12345”) -
    This is what the ‘from’ of the SMS will be set to

  • Must support sending to E.164 phone numbers (e.g. “441234567”)

  • EdgeVis Server must be able to reach the address and port supplied by the SMPP provider

To enable SMS on the server:

  1. From the Server Home Page go to Advanced Settings -> Messaging configuration

  2. Select SMS

  3. Check the Enable SMS Notifications check box and select SMPP from the drop down.

  4. Enter the server address/port and login details from the SMS Provider.

  5. The Sender field should be set to reflect what the ‘from’ part of the SMS should be. This can be a short phrase or phone number. Check with the SMS Provider what they allow for exact limits.

    Users within the United States should be aware of additional restrictions around the use of SMS – please refer to the next section for further detail.

Important note for US Customers

US law has strict rules regarding SMS and its use in commercial situations.

Users within the US must contact their provider to obtain a Toll Free Number (a small monthly charges will apply). As a commercial user of SMS, all SMS must be sent from a Toll Free Number to allow commercial SMS to be identified as such.

Note: Users who fail to obtain a Toll Free Number may find the SMS service will silently fail when the recipient is within the US – the SMS will send, but never be received.

User settings for SMS

For each user who desires to receive notification by SMS, they must first

  1. Open the user’s page within EdgeVis Server

  2. Click SMS

  3. On the SMS setting page, tick Use SMS for notifications, then enter the user’s phone number. This should be in full international phone number format (omitting any preceding zeros or plus signs)

Configuring e-mail for notifications and account e-mails

EdgeVis Server supports sending e-mail notifications and user account e-mails using SMTP and SMTPS protocols. This allows administrators to use most internal and third-party e-mail services.

Note: SMTP does not encrypt any data sent allowing anyone who can intercept it to read it. If the mail system you are connecting to is not on a secure network with EdgeVis Server, it is strongly recommended that EdgeVis Server is configured to use the encrypted SMTPS protocol instead.

Server settings for E-Mail

The requirements for EdgeVis Server to send e-mail are as follows:

  • An internal mail server or valid account on a third-party e-mail service.

  • EdgeVis Server must be able to contact the e-mail server using SMTP or SMTPS.

  • For SMTPS, the SSL certificate for the e-mail server must be trusted by the machine running EdgeVis Server.

The following sections describe how to enable e-mail notifications with an internal SMTP server, a Microsoft Exchange Server, and Google Mail’s SMTP service.

Internal SMTP settings

Connecting to an internal SMTP server with no authentication:

  1. Collect the following information from your Email administrator:

    1. Email server address
      for example: mail.company.com

    2. SMTP port number
      The default is 25

    3. The Email address notifications will come from
      for example: notifications@company.com

  2. From the Server Home Page go to Advanced Settings -> Messaging configuration

  3. Select Email

  4. Check the Enable SMTP Email Notifications check box and enter the information from step 1 into the fields on the dialog box. Make sure Requires TLS and Server Requires Authentication are left un-checked.

Microsoft Exchange settings

Connecting to a Microsoft Exchange server:

  1. Collect the following information from your Email administrator:

    1. Exchange server address
      for example: mail.company.com

    2. Exchange secure SMTP port number
      The default is 465

    3. The Email address notifications will come from
      for example: notifications@company.com

    4. User that corresponds to the above address
      for example: notifications

    5. Password for the above user

  2. From the Server Home Page go to Advanced Settings -> Messaging configuration

  3. Select Email

  4. Check the Enable SMTP Email Notifications check box and enter the information from step 1 into the fields on the dialog box. Check Requires TLS and Server Requires Authentication as well.

Google Mail settings

Connecting to Google Mail service:

  1. Collect the following information from your Email administrator:

    1. The Google Mail address notifications will come from
      for example: notifications@gmail.com

    2. Password for the above address

  2. Several Google settings must be configured to allow access

    1. Log in to Google Mail and follow Step 1 in the Set up Gmail with Outlook, Apple Mail, or other mail clients instructions available here: https://support.google.com/mail/troubleshooter/1668960?hl=en

    2. Users who employ Google’s two-factor authentication are required to create an app-specific password to use with EdgeVis Server. Follow this link to create such a password (for Step 12):
      https://security.google.com/settings/security/apppasswords?pli=1

    3. If not using two-factor authentication Google Mail needs to be configured to allow plain password authentication. To do this follow the instructions here: https://support.google.com/accounts/answer/6010255?hl=en

  3. From the Server Home Page go to Advanced Settings -> Messaging configuration

  4. Select Email

  5. Check the Enable SMTP Email Notifications check box

  6. Enter smtp.gmail.com as the Server Address

  7. Enter the Google Mail address from step 1 as the From Address

  8. Check the Requires TLS check box

  9. Enter 587 as the Port Number

  10. Check the Requires Authentication check box

  11. Enter the Google Mail address from step 1 as the Username

  12. Enter the password from step 1 as the Password (or Step 2b. for two-factor authentication users).

Where next?


Did this answer your question?