Configure the Flexnet License Administrator web portal to use HTTPS

Issue

Cybersecurity vulnerability scans are flagging the Building Operation License Server because it is using HTTP rather than HTTPS

Product Line

EcoStruxure Building Operation

Environment

• Building Operation Enterprise Server
• Building Operation Enterprise Central
• Building Operation License Server

Cause

The Building Operation License Server contains a web portal for diagnostics and administration. By default, the Building Operation License Server Administration web portal is configured to use HTTP

Resolution

It is possible from the Administration area of the Building Operation License Server Administration web portal to configure HTTPS communications.

Note: this does not change how Ecostruxure Building Operation connects to the license server.

The following process configures the Building Operation License Server Administration web portal to use HTTPS

1. From a web browser open the Building Operation License Server Administration web portal by typing http://localhost:8888 Once the web portal opens, select Administration at the top right.
2. You will be prompted to log on, use "admin" as the user name. If you have logged in before, use the password you have defined. If not, enter "admin" as the password, and you will then be prompted to create a password. Once signed in Select the Server Configuration tab.
3. Under the Secure Web Server Configuration section, select Enable HTTPS
4. Change HTTPS Port to a unique number e.g. 8443
5. Select Redirect Non-Secure Web Access to Secure Web Access

   

6. At the bottom of the page click the Save button and close the web browser tab.
7. Restart the Building Operation X.X License Server from the Windows Services app (services.msc)

If the license server is opened using http://localhost:8888 it will now redirect to HTTPS using the port specified in step 4 above