Step 1: (if not already completed) Enabling Encryption

Immediate Insight streams data to the client by opening two websocket connections to the browser, a control channel and a data channel. By default, Immediate Insight is configured for HTTP. To activate encryption (HTTPS) on websockets:

  • Type the set-ssl command to enable encryption on browser sessions.
  • Type reload server to make the changes take effect.
  • Quit the browser and log in again using https instead of http (https://ip-address-of-server:3201). Chrome is the recommended browser.

    Note: You will get a certificate warning but will be able to log in after ignoring it.

Step 2: Managing Certificates & Stopping Warning Messages

As a best practice, we recommend installing the matching CA certificate in users' browsers to reduce the possibility of man-in-the-middle attacks and provide a smoother user experience.

During installation, a self-signed rootCA pair is generated automatically in app/config/certs.

Note: You can replace this pair with your own CA by overwriting the rootCA.key and rootCA.pem files; however, this is an advanced task, and most users can use the self-signed certs provided.

Type “set-certs” followed by “reload server” to activate the certificate.

Next, copy the app/config/certs/rootCA.pem file from the Immediate Insight server to your computer (using an SFTP or SCP client).

Load the certificate into your browser. Instructions for Chrome:

  • Settings -> Show Advanced Settings -> HTTPS/SSL -> Manage Certificates
  • Trusted Root Certification Authorities -> Import (specify rootCA.pem file)

Restart the browser. The next time you log in to Immediate Insight, you should not see the certificate warning.
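
A check worth running on the copied file before importing it as a trusted root, shown here as an added example that is not part of the Immediate Insight product. It confirms that the file holds exactly one certificate, that rootCA.key was not bundled with it, and that its SHA-256 fingerprint matches the value read on the server. Assumptions: the reference fingerprint is obtained on the server with "openssl x509 -in app/config/certs/rootCA.pem -noout -fingerprint -sha256" (openssl being available there is assumed), and the function names and sample data are constructed for illustration.

```python
import base64
import binascii
import hashlib
import re

# Matches any PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def normalize_fp(text):
    """Accept 'sha256 Fingerprint=AB:CD:...' or bare hex; return lowercase hex."""
    return text.split("=")[-1].replace(":", "").strip().lower()

def check_ca_file(pem_text, expected_fp):
    """Return (ok, reason) for a CA file that is about to be imported."""
    blocks = PEM_BLOCK.findall(pem_text)
    if any("PRIVATE KEY" in label for label, _ in blocks):
        return False, "contains a private key; rootCA.key must stay on the server"
    certs = [body for label, body in blocks if label == "CERTIFICATE"]
    if len(certs) != 1:
        return False, "expected exactly one certificate, found %d" % len(certs)
    try:
        der = base64.b64decode("".join(certs[0].split()), validate=True)
    except binascii.Error:
        return False, "certificate body is not valid base64"
    if hashlib.sha256(der).hexdigest() != normalize_fp(expected_fp):
        return False, "fingerprint does not match the value read on the server"
    return True, "ok"

def to_pem(label, der):
    """Wrap bytes in a PEM block (used to build the constructed samples)."""
    body = base64.encodebytes(der).decode("ascii")
    return "-----BEGIN %s-----\n%s-----END %s-----\n" % (label, body, label)

# Constructed sample data: placeholder bytes, not a real certificate or key.
SAMPLE_DER = b"constructed placeholder standing in for rootCA DER bytes"
SAMPLE_PEM = to_pem("CERTIFICATE", SAMPLE_DER)
SAMPLE_FP = "sha256 Fingerprint=" + ":".join(
    "%02X" % b for b in hashlib.sha256(SAMPLE_DER).digest())

if __name__ == "__main__":
    print(check_ca_file(SAMPLE_PEM, SAMPLE_FP))
    print(check_ca_file(SAMPLE_PEM + to_pem("PRIVATE KEY", b"x" * 32), SAMPLE_FP))
```

In real use, pass the text of the copied rootCA.pem and the fingerprint line read on the server; import the file only when the result is (True, "ok").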

Note: While the system has a reasonable set of security measures in place, the present release is designed to run in a secure and trusted environment. If you have a need to expose it directly to the Internet, please contact iisupport@firemon.com to discuss additional hardening procedures.