Nx Meta User Manual

Key Concepts

•The Nx Meta media server is installed with a dynamically-generated, self-signed certificate.

•Self-signed certificates are (HTTPS) secure, but should be replaced with certificates from industry-compliant providers.

•Users may see additional, connection-security warning messages when using self-signed certificates.

•By default, the "Server Certificate Error" event-notification is generated when a certificate is invalid.

•Servers that can be accessed outside of the Sites' local network should have certificates from industry-compliant providers.

•OpenSSL is recommended for Ubuntu Linux and macOS platforms.

NOTE: Due to the variety of certificate providers and client operating systems, this document does not cover the configuration or acquisition of server certificates. Any guidance regarding certificate installation and validation is for reference purposes only.

Set the Server Certificate Validation Level

This option prevents the Desktop Client from connecting to media servers without valid certificates and must be set for each instance of the Desktop Client.

1.Open Main Menu > Local Settings > Advanced tab.

2.Click on the Server certificate validation drop-down menu and choose one of the following options:

•Disabled – Any certificate is allowed. No warnings are displayed and may create privacy issues.

•Recommended – Your confirmation will be requested to pin self-signed certificates.

•Strict – Only trusted certificates are allowed (i.e. no self-signed certificates).

3.Apply changes.

Add a Certificate to the Trusted Certificate Storage

•Use the address as specified in the csr.conf and cert.conf files in section DNS when accessing the VMS Server application, otherwise you’ll get a certificate error.

•Repeat these steps for each client you use to connect to the system.

For Windows:

1.Double-click on your CA certificate, a window opens, and select Install Certificate.

2.Select Current user Store Location.

3.Select the Trusted Root Certification Authorities under the Certificate Store.

4.Select Yes on the security warning tab.

For macOS:

•Please refer to the Apple support article: Add certificates to a keychain using Keychain Access on Mac.

For Ubuntu Linux (using default Firefox browser).

1.Move the certificate to the appropriate directory: Open a terminal and copy the certificate file to the certificates' directory using the command:

sudo mv /path/to/ca.crt /usr/local/share/ca-certificates/

2.Update the system's certificate store using the update-ca-certificates command:

sudo update-ca-certificates

3.Open Firefox and go to the Main menu through the hamburger menu in the top-left and select Options.

4.Select Privacy & Security and scroll down to Certificates.

5.Select View Certificates and the Certificate Manager window opens.

6.Select Authorities and select Import.

7.Locate the created ca.crt certificate file and select Open.

8.Select the Trust this CA to identify websites checkbox and select Ok.

View the Security Certificate for a Server

1.Right-click on a Server in the Resource Tree and select Server Settings.

2.While viewing the General tab, find the Certificate field and click on the hyperlink view the certificate.

3.A dialog displaying the following information about the SSL certificate will appear:

•Certificate signer

•SHA fingerprints

•Certificate data

•Expiration date