Enable encryption on the mobile server

To use an HTTPS protocol for establishing a secure connection between the mobile server and clients and services, you must apply a valid certificate on the server. The certificate confirms that the certificate holder is authorized to establish secure connections.

For more information, see the certificates guide about how to secure your XProtect VMS installations.

When you configure encryption for a server group, it must either be enabled with a certificate belonging to the same CA certificate or, if the encryption is disabled, then it must be disabled on all computers in the server group.

Certificates issued by CA (Certificate Authority) have a chain of certificates and on the root of that chain is the CA root certificate. When a device or browser sees this certificate, it compares its root certificate with pre-installed ones on the OS (Android, iOS, Windows, etc.). If the root certificate is listed in the pre-installed certificates list, then the OS ensures the user that the connection to the server is secure enough. These certificates are issued for a domain name and are not free of charge.

Steps:

  1. On a computer with a mobile server installed, open the Server Configurator from:

    • The Windows Start menu

    or

    • The Mobile Server Manager by right-clicking the Mobile Server Manager icon on the computer task bar
  2. In the Server Configurator, under Mobile streaming media certificate, turn on Еncryption.

  3. Click Select certificate to open a list with unique subject names of certificates that have a private key and that are installed on the local computer in the Windows Certificate Store.

  4. Select a certificate to encrypt the communication of XProtect Mobile client and XProtect Web Client with the mobile server.
  5. Select Details to view Windows Certificate Store information about the selected certificate.

    The Mobile Server service user has been given access to the private key. It is required that this certificate be trusted on all clients.

    The encryption tab in the Server Configurator with enabled encyption and installed certificates.

  6. Click Apply.

When you apply certificates, the Mobile Server service restarts.