Help Center

Quick Start

File Auditing

File Analysis

Data Risk Assessment

Endpoint DLP

Cloud Protection

Administrative settings

General settings

Release notes

Troubleshooting

Guides

Third-party software Contact us

Connection settings

Under Configuration > General Settings > Connection, technicians with admin access to the DataSecurity Plus console can configure the following settings:

When changes are made to any of these settings, the DataSecurity Plus server must be restarted to reflect them.

A. Connection type

By default, DataSecurity Plus uses the ports listed below based on the connection type: HTTP: 8800

HTTPS: 9163

To change these ports, select the connection type, enter the desired port number, and click Save. Then, restart the DataSecurity Plus server to ensure unhindered event collection.

Once a DataSecurity Plus professional edition license is applied, HTTPS connection will be mandatory to ensure secure data transfers.

Configuring SSL

Applying Secure Sockets Layer (SSL) certificates to DataSecurity Plus ensures that all data transfers between users’ web browsers and the DataSecurity Plus server remain secure. DataSecurity Plus mandates the use of HTTPS connections for heightened security, and this guide explains the steps to enable SSL for DataSecurity Plus.

The steps to enable SSL vary depending on whether you already have a signed SSL certificate.

  • If you already have an SSL certificate, skip ahead to Step 3.
  • If you do not have an SSL certificate yet, follow the entirety of this guide.

DataSecurity Plus can generate a certificate signing request (CSR) that can then be submitted to your certificate authority (CA) for signing. The signed certificate can then be uploaded to the DataSecurity Plus console. To achieve this, follow these steps:

1. Generate a certificate or CSR

The following steps detail the procedure for creating a certificate or CSR from the DataSecurity Plus Admin Console:

  • Log in to the DataSecurity Plus console with an account that has administrative privileges.
  • From the applications drop-down menu, select Admin Console.
  • Navigate to General Settings > Connection.
  • After defining the port, click Apply SSL Certificate next to DataSecurity Plus Portal (https).
  • On the next page, select Generate Certificate.
  • Provide the required details:
    Parameter Description
    Common Name Enter the name of the server on which DataSecurity Plus is running.
    SANs Enter the names of the additional hosts (sites, IP addresses, etc.) that are to be protected by the SSL certificate.
    Organizational Unit Enter the department name that is to appear on the certificate.
    Organization Enter the legal name of your organization.
    City Enter the city name as shown in your organization’s registered address.
    State/Province Enter the state/province as shown in your organization’s registered address.
    Country Code Enter the two-letter code of the country in which your organization is located.
    Password Enter a password that is at least six characters long.
    Validity (In Days) Enter the number of days for which the certificate should be valid. If no value is provided, it will be set to 90 days.
    Public Key Length (In Bits) Enter the public key length. The larger the size is, the stronger the key will be. The default size is 1,024 bits, and the size can be increased only in multiples of 64.
  • If you plan to use a self-signed certificate, click Generate and Apply Self-Signed Certificate. This will create the SSL certificate and bind it to DataSecurity Plus to finish enabling HTTPS. Otherwise, proceed to the next step.
  • Click Generate CSR.

    Note: For the steps to manually create a CSR file, refer to the manual SSL configuration guide.

  • The generated CSR can be downloaded by clicking Download CSR on the pop-up. Alternatively, the created CSR file can be found in <installation directory>\ManageEngine\DataSecurity Plus\jre\bin. This file must be submitted to your CA for signing—to do so, follow the directions in the next section.

2. Request certificate signing from a CA

The steps below provide instructions for connecting to a CA, submitting the CSR, procuring the SSL certificate, and importing it.

2.1 From Microsoft Certificate Services (internal CA)

For an internal CA:

  • Connect to Microsoft Certificate Services and click Request a certificate.
  • Click advanced certificate request, then select Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.
  • Open the CSR file using a text editor, copy the content, and paste it under Saved Request.
  • Select Web Server as the Certificate Template and click Submit.
  • Click the Download certificate chain link to download the issued PKCS #7 Certificate type to the <installation directory>\ManageEngine\DataSecurity Plus\jre\bin folder. The downloaded certificate will be in P7B format.
  • Click Home in the top-right corner and click Download a CA certificate, certificate chain, or CRL.
  • Click Download CA certificate to download and save the root certificate in CER format.

2.2 From an external CA

Contact your CA to get the commands required to receive signed certificates.

3. Define the SSL port in the DataSecurity Plus console

Once you have your CA-signed SSL certificate, follow these steps to define the HTTPS port in the DataSecurity Plus console:

  • Log in to the DataSecurity Plus console with an account that has administrative privileges.
  • From the applications drop-down menu, select Admin Console.
  • Navigate to General Settings > Connection.
  • Select DataSecurity Plus Portal (https) as the Connection Type and enter the port number you plan on using for DataSecurity Plus.

Note: DataSecurity Plus provides an option to use a default SSL certificate. However, we strongly recommend uploading your own SSL certificate for maximum security.

4. Upload your SSL certificate

To upload your CA-signed SSL certificate, follow these steps:

  • Click Apply SSL Certificate next to Upload or Generate SSL Certificate.
  • On the next page, select Apply Certificate.
  • There are two upload options you can choose from:
    • Option 1—ZIP Upload: If your CA has sent you a ZIP file, click ZIP Upload > Browse and select your target file. If your private key is password-protected, then enter the password next to Private Key Passphrase.
    • Option 2—Individual Certificate: If your CA has sent you just one certificate file (PFX or PEM format), click Individual Certificate. Next to Upload Certificate, click Browse and select your certificate. Then, next to Upload CA Bundle, click Browse and select your CA bundle files. Finally, provide your Certificate Password.

    Note: If your CA has sent the certificate content, paste the content in a text editor and save it in a CER, CRT, or PEM format. Then, upload the file by following the steps for Option 2.

  • Click Apply.
  • Restart the DataSecurity Plus server for the changes to take effect.

B. Online hosting

Hosting DataSecurity Plus online enables users to access the product anytime and from anywhere. For steps to host DataSecurity Plus online, refer to this guide.

C. Session properties

This setting allows administrators to define how long a user's session can be inactive in their browser before they are automatically logged out of the DataSecurity Plus web console. By default, sessions will time out after 30 minutes of inactivity. Any changes to this duration will be reflected only after the DataSecurity Plus server is restarted.

Topics in this page:

Don't see what you're looking for?

  • Visit our community

    Post your questions in the forum.

     

  • Request additional resources

    Send us your requirements.

     

© 2023 Zoho Corporation Pvt. Ltd. All rights reserved.