Watchdoc - Certificates - Manage certificates

New feature from v. 6.1.0.5011

Principle

Watchdoc exchanges information with various devices (printers, MFPs and mobiles) using interfaces such as WES and other APIs. To secure these pages accessible via the Internet, Watchdoc uses the TLS/SSL (via 5753 and 5754 ports) protocol based on self-signed certificates.

 

Previously, these certificates or others signed by a certification authority could be managed using the WCM (Wachdoc Certificate Manager) command-line tool. WCM was also used to diagnose anomalies involving certificates and SSL/TLS protocols.

 

Watchdoc now has a dedicated interface for managing certificates, which is easier to use than WCM. This tool remains operational, however.

 

You can also set up notifications for expired certificates so that you are informed before they expire, thanks to events "The HTTP server's certificate will expire soon" and "The HTTP server's certificate is expired" (cf. Configure notifications).

In a domain configuration, this notification can be replicated from the master server to the other servers (slaves).

 

Watchdoc does not need a certificate with the ‘Certification Authority’ attribute. For security reasons, we do not recommend importing such certificates into the manager.

 

N.B. : The certificates for the Watchdoc administration interface and the ‘My account’ page for Watchdoc users depend on MS IIS®.

Access the configuration interface

Before the version 6.1.0.5262

  1. Access the Main Menu of the administration interface of your Watchdoc server as administrator,

  2. in the Configuration section, click Advanced Configuration.

  3. In the Advanced Configuration interface, click Certificates :

 

è This will take you to the Certificate Management interface.

 

After the version 6.1.0.5262

Appeared in version 6.1.0.5262, this section brings together the parameters relating to the Watchdoc web server and the certificates that secure access to it.

In previous versions, the DSP section is located in the Configuration System interface (Main menu > Configuration section, Advanced configuration > System configuration > DSP section).

 

Modifying elements on this page may cause this administration interface to be unavailable for a few seconds. If an error occurs, please reload the page.

To access the Watchdoc Web Server management interface.

  1. From the Main Menu of the administration interface, Configuration section, click Advanced Configuration;

  2. in the [Server_name] > Advanced Configuration interface, click Certificates (before v. 6.1.0.5262) or Web Server (after v.6.1.0.5262):

 

è This takes you to the Watchdoc Web Server management interface.

Presentation of the interface

The interface is divided into 4 sections:

  • the Certificates section displays a list of available certificates. These certificates are used to secure the web server entry points specified in the DSP section (see Manage web server entry points and associated certificates).

    • Use the radio button to select a certificate and display the information below;

    • in the column Is signed:

      • the logo indicates that the certificate is not signed;

      • the logo indicates that the certificate is auto-signed;

      • the logo indicates that the certificate is signed by a certification authority.

    • in the column Actions:

      • the button is used to delete a certificate;

      • the button is used to download the certificate;

      • the button is used to download the CSR of the certificate in order to send it to the certification authority for signing.

  • the section Generation of a new certificate allows you to generate a new auto-signed certificate (which you can then have signed by a certification authority) ;

  • the section Import a certificate allows you to import an existing certificate.