Connection settings

A. Connection type

By default, DataSecurity Plus uses the ports listed below based on the connection type: HTTP: 8800

HTTPS: 9163

To change these ports, select the connection type, enter the desired port number, and click Save. Then, restart the DataSecurity Plus server to ensure unhindered event collection.

Once a DataSecurity Plus professional edition license is applied, HTTPS connection will be mandatory to ensure secure data transfers.

Configuring SSL

Applying Secure Sockets Layer (SSL) certificates to DataSecurity Plus ensures that all data transfers between users’ web browsers and the DataSecurity Plus server remain secure. DataSecurity Plus mandates the use of HTTPS connections for heightened security, and this guide explains the steps to enable SSL for DataSecurity Plus.

The steps to enable SSL vary depending on whether you already have a signed SSL certificate.

• If you already have an SSL certificate, skip ahead to Step 3.
• If you do not have an SSL certificate yet, follow the entirety of this guide.

DataSecurity Plus can generate a certificate signing request (CSR) that can then be submitted to your certificate authority (CA) for signing. The signed certificate can then be uploaded to the DataSecurity Plus console. To achieve this, follow these steps:

• Generate a certificate or CSR
• Request certificate signing from a CA
• Define the SSL port in the DataSecurity Plus console
• Upload your SSL certificate

1. Generate a certificate or CSR

The following steps detail the procedure for creating a certificate or CSR from the DataSecurity Plus Admin Console:

• Log in to the DataSecurity Plus console with an account that has administrative privileges.
• From the applications drop-down menu, select Admin Console.
• Navigate to General Settings > Connection.
• After defining the port, click Apply SSL Certificate next to DataSecurity Plus Portal (https).
• On the next page, select Generate Certificate.
• Provide the required details:

  Parameter	Description
  Common Name	Enter the name of the server on which DataSecurity Plus is running.
  SANs	Enter the names of the additional hosts (sites, IP addresses, etc.) that are to be protected by the SSL certificate.
  Organizational Unit	Enter the department name that is to appear on the certificate.
  Organization	Enter the legal name of your organization.
  City	Enter the city name as shown in your organization’s registered address.
  State/Province	Enter the state/province as shown in your organization’s registered address.
  Country Code	Enter the two-letter code of the country in which your organization is located.
  Password	Enter a password that is at least six characters long.
  Validity (In Days)	Enter the number of days for which the certificate should be valid. If no value is provided, it will be set to 90 days.
  Public Key Length (In Bits)	Enter the public key length. The larger the size is, the stronger the key will be. The default size is 1,024 bits, and the size can be increased only in multiples of 64.

• If you plan to use a self-signed certificate, click Generate and Apply Self-Signed Certificate. This will create the SSL certificate and bind it to DataSecurity Plus to finish enabling HTTPS. Otherwise, proceed to the next step.
• Click Generate CSR.

  Note: For the steps to manually create a CSR file, refer to the manual SSL configuration guide.

• The generated CSR can be downloaded by clicking Download CSR on the pop-up. Alternatively, the created CSR file can be found in <installation directory>\ManageEngine\DataSecurity Plus\jre\bin. This file must be submitted to your CA for signing—to do so, follow the directions in the next section.

2. Request certificate signing from a CA

The steps below provide instructions for connecting to a CA, submitting the CSR, procuring the SSL certificate, and importing it.

2.1 From Microsoft Certificate Services (internal CA)

For an internal CA:

• Connect to Microsoft Certificate Services and click Request a certificate.
• Click advanced certificate request, then select Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.
• Open the CSR file using a text editor, copy the content, and paste it under Saved Request.
• Select Web Server as the Certificate Template and click Submit.
• Click the Download certificate chain link to download the issued PKCS #7 Certificate type to the <installation directory>\ManageEngine\DataSecurity Plus\jre\bin folder. The downloaded certificate will be in P7B format.
• Click Home in the top-right corner and click Download a CA certificate, certificate chain, or CRL.
• Click Download CA certificate to download and save the root certificate in CER format.

2.2 From an external CA

Contact your CA to get the commands required to receive signed certificates.

3. Define the SSL port in the DataSecurity Plus console

Once you have your CA-signed SSL certificate, follow these steps to define the HTTPS port in the DataSecurity Plus console:

• Log in to the DataSecurity Plus console with an account that has administrative privileges.
• From the applications drop-down menu, select Admin Console.
• Navigate to General Settings > Connection.
• Select DataSecurity Plus Portal (https) as the Connection Type and enter the port number you plan on using for DataSecurity Plus.

Note: DataSecurity Plus provides an option to use a default SSL certificate. However, we strongly recommend uploading your own SSL certificate for maximum security.

4. Upload your SSL certificate

To upload your CA-signed SSL certificate, follow these steps:

• Click Apply SSL Certificate next to Upload or Generate SSL Certificate.
• On the next page, select Apply Certificate.
• There are two upload options you can choose from:
  • Option 1—ZIP Upload: If your CA has sent you a ZIP file, click ZIP Upload > Browse and select your target file. If your private key is password-protected, then enter the password next to Private Key Passphrase.
  • Option 2—Individual Certificate: If your CA has sent you just one certificate file (PFX or PEM format), click Individual Certificate. Next to Upload Certificate, click Browse and select your certificate. Then, next to Upload CA Bundle, click Browse and select your CA bundle files. Finally, provide your Certificate Password.

  Note: If your CA has sent the certificate content, paste the content in a text editor and save it in a CER, CRT, or PEM format. Then, upload the file by following the steps for Option 2.

• Click Apply.
• Restart the DataSecurity Plus server for the changes to take effect.

B. Online hosting

Hosting DataSecurity Plus online enables users to access the product anytime and from anywhere. For steps to host DataSecurity Plus online, refer to this guide.

C. Session properties

This setting allows administrators to define how long a user's session can be inactive in their browser before they are automatically logged out of the DataSecurity Plus web console. By default, sessions will time out after 30 minutes of inactivity. Any changes to this duration will be reflected only after the DataSecurity Plus server is restarted.

D. Configure proxy settings

To configure DataSecurity Plus to use a proxy server for connecting to the internet, follow the steps below:

• Login to the DataSecurity Plus web console.
• Go to Admin Console > Admin > General Settings > Connection, and click the Proxy Settings tab.
• Enable the Proxy Server Settings checkbox.
• Specify the Server Name or IP Address of your proxy server.
• If your environment has an authentication-enabled proxy setup, check Authentication and type in the Username and Password.
• Click the Save button.