Skip to content
vScope Support Page

HTTPS

To ensure secure connections and data transfer, we recommend using HTTPS when connecting to the vScope web application.

Set up HTTPS via reverse proxy

The recommended option, suitable for most cases, is to allow an existing reverse proxy or load balancer to handle HTTPS connections and proxy the traffic to the vScope server over HTTP.

Configure the reverse proxy

It is possible to set up vScope with any third-party reverse proxy. Please refer to the official documentation for your specific software on how to properly configure and secure it. Below are some examples and links to help you get started.

Basic example configuration to help you get started with NGINX. Be sure to read NGINX Reverse Proxy for proper guidance and additional information.

server {
   listen 443 ssl;
   server_name vscope.example.tld;


   ssl_certificate /path/to/fullchain.pem;
   ssl_certificate_key /path/to/key.pem;


   location / {
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;


      proxy_pass http://vscope:80/;
   }
}

Other common reverse proxies

Update Base URL in vScope

Open vScope in your browser and navigate to Settings > Network.

Update Base URL to the address that end-users will use to access vScope. This address is used in communication with end-users, such as in emails, and should always be kept up-to-date. Be sure to include https:// along with the address (e.g. https://vscope.example.tld).

Set up HTTPS in vScope

If you don’t have, or prefer not to use, a reverse proxy, you can configure HTTPS directly in vScope by uploading a certificate.

Generate a self-signed certificate with OpenSSL

If you already have a certificate you can skip ahead to Configure vScope.

While it is recommended to use a publicly trusted certificate, vScope can be used with a self-signed certificate.

Generate self-signed certificate
openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout key.pem -out cert.pem -subj '/CN=vscope.example.tld' -addext 'subjectAltName=DNS:vscope.example.tld'
openssl pkcs12 -export -inkey key.pem -in cert.pem -name vscope -out keystore.p12

The first command will generate a key and certificate valid for 10 years (3650 days) and for the domain vscope.example.tld. If you use these commands be sure to replace the domain with your actual domain.

The second command will ask you to set at password and package both the key and the certificate as a PKCS#12 file keystore.p12. This is the file you will upload to vScope.

Due to how OpenSSL works both the key and the keystore itself will be password protected with the password you entered when you ran the command.

Configure vScope

  1. Enable HTTPS
    In vScope, navigate to Settings > Network and enable HTTPS.

  2. Upload the certificate

    Upload the certificate on the right hand side by clincking on Upload and selecting it from your file system.

  3. Configure the HTTPS port
    Enter the port vScope will use to accept HTTPS connections. The default port is 443 and we recommend you leave it unchanged unless necessary.

  4. Configure passwords
    Both the keystore and the key inside can be password protected. Enter the password(s) into the respective text field.

    It is not unusal for both to be password protected and with the same password. If you generated a self-signed certificate as per the instructions above then this will indeed be the case.

  5. Configure alias
    If your keystore only contains one certificate then you can leave this empty and vScope will find and use it.

    If you have multiple certificates in the keystore then enter the alias of the certificate that vScope should use into the text field.

  6. Save the configuration
    Click Save to apply your configuration.

  7. Reload webservice
    Allow 10-15 seconds for the service to restart.

Ensure that it works by accessing the vScope web UI using https:// in the address field.

Update Base URL

Update Base URL to the address that end-users will use to access vScope. This address is used in communication with end-users, such as in emails, and should always be kept up-to-date. Be sure to include https:// along with the address (e.g. https://vscope.example.tld).

Common errors

Failed to update settings: Keystore validation failed: No valid certificates found

vScope couldn’t find a certificate to use in the keystore. Ensure that the keystore actually contains a certificate and key.

If you didn’t enter a keystore password this most likely means that your keystore is password protected.

Failed to update settings: Keystore conversion failed: Keystore conversion failed: Get Key failed: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.

The key is likely password protected and you did not enter a password, or the password you entered is incorrect.

If you have used OpenSSL to generate your certificate then the key password will be the same as the keystore password, unless instructed otherwise.

In case you are unsure how your certificate was generated then try to enter the same password in the “Key password” text field anyway, if only to eliminate the possibility of this being the issue.

Failed to update settings: Keystore Parsing failed. Supported types: [pkcs12, jks]. Exceptions: [as ‘pkcs12’:keystore password was incorrect, as ‘jks’:keystore password was incorrect]

The keystore could not be read because the password is incorrect. Try re-entering the password.

Locked out of vScope / vScope is not starting properly

If you are locked out of vScope web UI due to a misconfiguration, you can temporarily disable HTTPS by following these steps:

  1. Stop the vScope service
    Stop the running vScope service on your server.

  2. Navigate to the configuration folder
    On the server, open the .settings folder in the vScope data folder, e.g.
    C:\vScopeData\configuration\.settings.
    You might have to enable “Show hidden files” in your file manager.

  3. Edit the settings file
    Open the com.infrasight.web.common.prefs file in a text editor.

  4. Disable HTTPS
    Find the line:
    https.enabled = true
    Change the value to:
    https.enabled = false

  5. Restart the vScope service
    Start the vScope service again.

  6. Access the UI and reconfigure HTTPS
    Log in to the vScope web UI and navigate to Settings > Network and reconfigure HTTPS with the correct settings.