By default, the DW Spectrum server is installed with a generated self-signed certificate which has the lowest security level. If you use this certificate and use a web browser to connect to the server through HTTPS, a warning message will appear stating that the connection to the site is not secure. This means that using the self-signed certificate is not recommended, even though a secure connection is used. It is therefore recommended to obtain a certificate from an authorized certificate provider and install it on the server that is used for public access (from outside of the local network).
To Obtain and Install an Authorized Certificate
1.Obtain a certificate from any certificate provider (for instance, see the list of top ones here: https://www.techradar.com/news/best-ssl-certificate-provider).
2.Create a file cert.pem with the Private Key and Entire Trust Chain (see the instructions on the certificate provider's web site).
3.Place the cert.pem file in the following folder:
•Windows: C:\Windows\System32\config\systemprofile\AppData\Local\Digital Watchdog\Digital Watchdog Media Server\ssl
4.Restart the server.
For servers within the local network it is recommended to install the Self-Signed SSL certificate into the Trusted Root Certificate Authorities Store (https://specopssoft.com/support-docs/specops-password-reset/reference-material/installing-the-self-signed-ssl-certificate-into-the-trusted-root-certificate-authorities-store/).
To View A Server's Security Certificate
1.Right-click on a server and select Server Settings.
2.Find the Certificate field and click on the DW Spectrum hyperlink.
3.A dialog displaying the following information about the SSL certificate will appear:
•Certificate signer (e.g. Self or Trusted CA)
To Set Server Certificate Validation
This option prevents the Desktop Client from connecting to untrusted servers (the ones not having a valid certificate). This is set individually for each instance of the Desktop Client.
1.Open Main Menu > Local Settings > Advanced tab.
2.Click on the Server certificate validation dropdown menu and choose one of the following options:
•Disabled – Any certificate is allowed. No warnings are displayed.
IMPORTANT: This may lead to privacy issues.
•Basic – On first connection, self-signed certificates are pinned automatically.
•Recommended – Your confirmation will be requested to pin self-signed certificates.
•Strict – Only trusted certificates are allowed (i.e. no self-signed certificates).
To Get Notifed about Certificate Validation Issues
If a certificate is invalid, the "Server Certificate Error" event is fired.