Web Server Screen

On this screen, specify the settings for the web server you will use to host the Endpoint Application Control web console.

Figure 1. The Web Server Screen

If Setup detects a Microsoft Internet Information Server (IIS) 7.0 or later server in your environment, then Microsoft IIS server and IIS virtual website will be enabled and selected by default.

Important:

Setup applies the settings on this screen only if there is no existing installation. If you upgrade or reinstall over an existing installation, Setup uses the settings from that installation.

Before selecting a web server, see the additional information on web servers at Web Server Considerations.

Enabling TLS/SSL

Enabling this feature may require you to import a server certificate authority (CA) to agent endpoints. You can use the automatically-created certificate and CA, or you can use your own certificate and public or private CA. Typically, you only need to import a private CA.

Tip:

To learn more about TLS/SSL, see TLS/SSL Considerations.

To secure connections using Transport Layer Security (TLS) or Secure Sockets Layer (SSL), do the following:

  1. Select Enable TLS/SSL. Setup automatically creates the required certificate. To learn about TLS/SSL implementation in Endpoint Application Control, see TLS/SSL Considerations.

  2. Optionally, add your own certificate and public or private CA to the Endpoint Application Control server certificates folder.

    To replace the automatically-generated certificate, follow the steps to import a certificate for your web server type:

    Table 1. Import TLS/SSL Certificate

    Web Server Type

    Steps

    Apache Tomcat

    Do the following:

    1. Use a P12 format file that includes the certificate and private key.

      Tip:

      To create a P12 format file from a PEM format file or files, after completing server installation, use OpenSSL on the Endpoint Application Control server. For example, you might type the following single-line command at the command prompt:

      openssl pkcs12 -export -password pass:changeit -chain -name WebServerCert -in WebServerCert/WebServer_Cert.pem -inkey WebServerCert/WebServer_Key.pem -out WebServerCert/WebServer_Cert.p12

    2. Set the P12 format file name to WebServer_Cert.p12 and use the password from the Apache Tomcat server.xml configuration file. The default password is changeit.

    3. Copy the P12 format file to the following path on the Endpoint Application Control server:

      C:\Program Files (x86)\Trend Micro\Endpoint Application Control\SSLCerts\WebServerCert\

    Microsoft Internet Information Server (IIS)

    In Windows Server 2008, do the following:

    1. Open the IIS Microsoft Management Console (MMC).

      For example, click Start > All Programs > Administrative Tools > Internet Information Services (IIS) Manager.

    2. In the left pane, click your server name.

      The Home screen for your server appears in the center pane.

    3. In the center pane, double-click Server Certificates.

      The Server Certificates screen appears.

    4. Under Actions in the rightmost pane, click Complete Certificate Request....

      The wizard window appears.

    5. Under File name containing the certification authority's response, type the file name or click "..." to browse to the file. Then type a Friendly name and click OK.

      The certificate is installed to the server and the wizard window closes.

    6. In the left pane of the Internet Information Services (IIS) Manager window, expand your server name, expand Sites, and then click the EndpointApplicationControl virtual site.

      The Home screen for the virtual site appears in the center pane.

    7. Under Actions in the rightmost pane, click Bindings....

      The Site Bindings window appears.

    8. Under Type, click https, and then click Edit....

      The Edit Site Binding window appears.

    9. Under SSL Certificate, select the certificate that you installed using the wizard and then click OK.

      The Edit Site Binding window closes.

    10. Click Close to close the Site Bindings window.

      The certificate is configured for use with Endpoint Application Control.

  3. To use the automatically-created certificate or your own private certificate, import the CA.

    For example, do one of the following:
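For the Apache Tomcat steps in Table 1, the following PowerShell check is an added example and not part of the original documentation. Run on the Endpoint Application Control server before copying the file, it confirms that the P12 file has the required name, opens with the intended password, holds one certificate with its private key, and is within its validity period. The function name `Test-WebServerP12`, its parameters and the relative path in the usage lines are hypothetical; the code uses only standard .NET certificate classes.

```powershell
# Added example. Test-WebServerP12 and its parameters are hypothetical names.
function Test-WebServerP12 {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        [Parameter(Mandatory = $true)] [securestring] $Password
    )
    $findings = New-Object System.Collections.Generic.List[string]

    # Step 2 of the Apache Tomcat procedure requires this exact file name.
    if ((Split-Path $Path -Leaf) -ne 'WebServer_Cert.p12') {
        $findings.Add('File name is not WebServer_Cert.p12')
    }

    # Import throws if the password is wrong or the file is not valid PKCS#12.
    $certs = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
    $flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet
    try {
        $full  = (Resolve-Path $Path -ErrorAction Stop).Path
        $plain = (New-Object System.Net.NetworkCredential('', $Password)).Password
        $certs.Import($full, $plain, $flags)
    } catch {
        $findings.Add("Cannot open P12 file: $($_.Exception.Message)")
        return $findings
    }

    # Exactly one entry (the server certificate) should carry the private key.
    $leaf = @($certs | Where-Object { $_.HasPrivateKey })
    if ($leaf.Count -ne 1) {
        $findings.Add("Expected 1 certificate with a private key, found $($leaf.Count)")
    } else {
        $now = Get-Date
        if ($now -lt $leaf[0].NotBefore -or $now -gt $leaf[0].NotAfter) {
            $findings.Add("Certificate is not valid today (expires $($leaf[0].NotAfter))")
        }
        # The documented openssl command uses -chain, so a CA-issued certificate
        # should be accompanied by at least one issuer certificate.
        if ($certs.Count -eq 1 -and $leaf[0].Subject -ne $leaf[0].Issuer) {
            $findings.Add('No issuer certificate in the file; check the -chain export')
        }
    }
    $certs | ForEach-Object { $_.Reset() }   # release key handles
    return $findings
}

$pw = Read-Host -AsSecureString 'P12 password (as set in server.xml)'
$problems = @(Test-WebServerP12 -Path '.\WebServerCert\WebServer_Cert.p12' -Password $pw)
if ($problems.Count -eq 0) { 'P12 file passed all checks' } else { $problems }
```

Because the P12 file contains the server's private key and the documented default password is changeit, it is worth confirming that only administrators and the web server service account can read the SSLCerts\WebServerCert folder.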

Default Ports

The following table lists the default port numbers for the Endpoint Application Control web server:

| Web Server Selected | HTTP Port | HTTPS Port (TLS/SSL) | Configurable |
|---|---|---|---|
| Apache Tomcat | 8080 | 4343 | Yes |
| Microsoft Internet Information Server (IIS) Default website | 80 | 443 | |
| Microsoft Internet Information Server (IIS) Virtual website | 8080 | 4343 | Yes |