KBI 311975 Argent Omega Supports Secure HTTPS Web GUI

Version

Argent Omega 2.2.2202.11 and above

Date

Thursday, 3 March 2022

Summary

This article describes Argent Omega improved support for secure HTTPS web GUI.

Technical Background

In default setting, Argent Omega web GUI is accessible via http://server_name:6100.

Before enabling HTTPS support for Argent Omega web GUI, navigating via HTTPS protocol will returns the following error.

Argent Omega comes with NGNIX web server service that can be optionally enabled to receive secure HTTPS communication for Argent Omega’s web GUI.

Enabling Argent Omega Secure HTTPS Web GUI

First, locate the following file and create backup.

Drive:\Argent\ArgentOmega\ArgentOmegaMain.exe.config

Edit the above configuration file, as below

From <add key=”nginx” value=”—disable-nginx-1.17.10″ />

To <add key=”nginx” value=”nginx-1.17.10″ />

Upon completion, save edit and restart Argent Omega service.

Wait for one minute to allow service restart to complete.

Argent Omega is now enabled for secure HTTPS communication.

Navigate to Argent Omega web GUI via HTTPS protocol, for example, https://localhost:6100

An error will be displayed if certificate was not added to Trusted Root Certification Authorities on client machine, for example.

The above error is not an issue, as Argent Omega comes with self-signed certificate which require adding to client machine’s Trusted Root Certification Authorities.

Customer can safely bypass the warning, proceed to the web GUI.

Argent Omega web GUI will be displayed properly using secure HTTPS protocol.

The Argent Omega Self-Signed Certificate

Argent Omega comes with self-signed certificate which can be reported by web browser as an invalid certificate, as example below.

It is completely normal as self-signed certificate typically does not contain all attributes required for web browser’s validation on SSL certificate.

Common reasons behind SSL Certificate Error on Google Chrome are listed below.

1. The System Time is not the real-time.

2. The SSL certificate has Expired.

3. Google Chrome is not updated.

4. The SSL certificate is not Installed properly.

5. The SSL certificate is not issued by a Trusted Certificate Authority (CA) or a self-signed certificate is used to secure a website.

6. The website is secured with an outdated 128-bit SSL.

7. The website is secured with an outdated SHA-1 Algorithm.

8. Untrusted SSL Client Certificate error.

Certificate purchased from SSL certificate vendor like Verisign, Sectigo will be seen as valid SSL certificate.

Argent Omega Supports Customer Supplied SSL Certificate

Argent Omega certificate folder is Drive:\Argent\ArgentOmega\CERT

Certificate file has extension *.CRT

Private key file has extension *.KEY

For customer want to their own certificate, copy the certificate and private key to the above folder.

Ensure certificate and private key are named the same, with corresponding file extension.

For example

Next, edit file Drive:\Argent\ArgentOmega\ArgentOmegaMain.exe.config

Using the “MyCertificate” example, certificate does NOT have password protection, edit as below

From <add key=”ssl_certificate” value=”self-signed” />

To <add key=”ssl_certificate” value=”MyCertificate” />

Optionally, if certificate is password protected, add below syntax

<add key=”ssl_certificate_pass” value=”MyCertificate_password.txt” />

Ensure password is correctly saved in MyCertificate_password.txt and file is located in the same folder as the certificate and private key.

Multiple certificate and private key files can be retained in the CERT folder.
However, ensure only define ONE certificate is referenced in the ArgentOmegaMain.exe.config.

Ensure Argent Omega service restart after the above edit.

Validate by opening Argent Omega web GUI via HTTPS protocol.

Example of a Custom SSL Certificate

Resolution

Upgrade to Argent Omega 2.2.2202.11 or above.