This tab contains various security settings of TeamWox. They are divided into several boxes: Certificates, Security for passwords and working sessions, Authentication, Proxy server and Processing of public requests.
TeamWox works over the HTTPS protocol on port 443. All transmitted information is encrypted using the installed SSL certificate. By default, a certificate issued by MetaQuotes Software CA is installed in the system. This certificate is untrusted, which causes browsers to display the corresponding warning to users. To avoid this, add MetaQuotes Software CA to the list of trusted authorities according to the instructions given in the "Certificate Installation" section.
The upper part of the certificates block shows information about the certificate already installed: Issuer, Subject, Expires. The commands for managing certificates are located below:
You can generate a request for a certificate to be sent to the certification center by pressing the "Request new certificate" button located in the upper block. Once you have pressed this button, the following window will appear:
The following parameters are specified here:
•Common name — the common name of the certificate.
•Locality — the town your company is located in.
•Organization — your company's name.
•Organization Unit — your company's department responsible for certification matters.
•E-Mail — the e-mail address to contact your company.
•Country — the country your company is located in.
•State/Province — the state/province your company is located in.
•Street — the street your company is located in.
•Domain — the domain your TeamWox system is located at.
•Key length — key length alternatives: 1024 or 2048 bits.
Once all the necessary information has been entered, press the "Continue" button. If you press the "Cancel" button, this window will be closed and the request won't be sent. If you press the "Continue" button, a request to be sent to one of the trusted certificate centers will be generated:
This request should be copied and sent to the chosen certificate center according to its instructions.
The response received from the certification center should be copied back to TeamWox. To do this, press the "Use certificate authority response" button.
In the window that appears, insert the response received from the certification authority. Once you press the "Apply" button, the certificate will be installed in the TeamWox system.
A certification authority can provide a response in one of two formats: X509 or PKCS. The difference is that the latter includes intermediate certificates in addition to the main one. Thus, when the certificate is installed in TeamWox, all the intermediate certificates are also installed on the server. This guarantees that all browsers will consider the certificate installed for TeamWox a trusted one.
Depending on the format, the responses of certification authorities may look as follows:
It is recommended to use the PKCS format for certification authority responses.
Many companies allow a certificate to be reissued an unlimited number of times during its whole validity period. Reissuing a certificate may be necessary in the following cases:
•The private key is lost or has become known to a third party;
•Incorrect information was specified in the certificate;
•The certificate doesn't work properly.
In this case it is necessary to re-generate the certificate request. Then go to the website of the certificate issuer and complete its reissuing procedure. Here are the links to the most popular certificate authorities:
•Thawte — https://www.thawte.com/reissue
After completing the reissuing procedure, insert the response received from the certificate authority into the corresponding window again. The certificate will be reinstalled as soon as this is done.
Replacing Current Certificate with Another Ready Certificate (*.pfx)
In order to modify the current certificate, you should press the "Change certificate" button. The following window will appear as soon as you do it:
In order to specify a new certificate, press the "Browse" button and choose it in the standard window of file choosing. If your certificate has a password, then you should specify it in the corresponding field. To upload the new certificate, press the "Upload" button. To cancel the operation, you should press the "Cancel" button.
You can download the PFX file of the certificate installed in the system to your PC by pressing the "Export the certificate" button. The window that requests the certificate password appears as soon as you do it. If the certificate does not have one, you should leave the password field empty and press the "OK" button. Once you have done that, a standard browser window should open where you can specify whether to open or to save the file.
Set controlling working sessions by IP addresses
This option increases the security of the system. If it is enabled, a user's connection session is bound to their IP address. Thus, if the next connection is made from another address, the user will have to specify their login and password once again to enter the system, regardless of the "Remember me" option in the authorization window.
Request to change user password after N days
This option is also aimed at increasing the security of working in the system. If the security policy of a company requires user passwords to be changed after a specific period of time, enable this option and set the number of days. Once the specified time period has passed, a user is asked to change the password right in the TeamWox interface using the following window:
The window contains the following fields:
•Login — in this field, a user login is specified.
•New password — a new password must be specified here. The new password must differ from the previous one. It must be complex enough (be at least 6 characters long and contain upper and lower case letters and digits).
•Confirm — in this field, the new password must be entered again.
•Current Password — to prevent unauthorized changing of password, the current user password must be specified in this field.
TeamWox can authenticate users with the logins and passwords they have in the Active Directory domain or via security certificates.
If you enable this option, users will be able to enter the system using their Active Directory logins and passwords. You should also specify the domain name in the "Domain" field, for example: "ad.company.com".
Active Directory users may also use their current login and password to authenticate in WebDAV for accessing "Documents" and in CalDAV for accessing "Calendar". To activate this feature, enable the options "Use for WebDAV authentication in Documents module" and "Use for CalDAV authentication in Calendar module".
To quickly start working in the system, one can import users from the Active Directory.
You can allow the authentication of users via certificates issued by a trusted certification center. To do this, tick the "Use client certificates via trusted certification centers" field.
•In the "Check by" field, you should select the field of the certificate to check by. Three variants are available: by common name, by E-Mail or by personal certificate. In the first case, the common name of the certificate and the login of the user in TeamWox will be matched. In the second case, the e-mail specified in the certificate and the one specified in the user's contact details will be matched. If you choose the variant of authentication by the personal certificate, then certificates generated for users directly in the TeamWox system will be used.
•In the "Certificate authority list" field you should specify public certificates obtained from certification authorities, by which users will be able to log in to the system. To do it you should press the "Browse" button and specify corresponding *.cr or *.crt file. In order to make the specified certification center take effect, you should put a tick against it.
If the TeamWox server connects to the internet through a proxy server, you should set up the following parameters:
•Use a proxy server — to enable operation through a proxy server, tick this field. Then specify the address and port of the server separated by a colon. For example, proxy.company.com:3128.
•Login — login for the authorization at the server.
•Password — password for the authorization at the server.
If a login and password are not needed then you should leave those fields empty. You can get the parameters specified above from your system administrator.
In this box, you can set up the parameters of the public access to the system for the components of integration with external web resources.
The following options are available here:
•Allow public access
•Consider the X-Forwarded-For header for requests from the following IP addresses
•Allow use of HTTP
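The sketch below is an added example, not TeamWox code: it shows how a list of addresses for which X-Forwarded-For is considered can feed the per-IP session binding described earlier on this page. The function and class names, the proxy address 10.0.0.5 and the right-to-left reading of the header are assumptions made for illustration; how TeamWox itself evaluates the header is not stated on this page.

```python
import ipaddress
import secrets

# Constructed value: the reverse proxy in front of the server (hypothetical).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.5/32")]

def is_trusted(addr, trusted):
    return any(addr in net for net in trusted)

def client_ip(peer_ip, xff_header, trusted=TRUSTED_PROXIES):
    """Pick the address to treat as the client for this request."""
    peer = ipaddress.ip_address(peer_ip)
    # The header is honoured only when the TCP peer is a listed proxy;
    # from any other peer it is client-supplied text and is ignored.
    if not xff_header or not is_trusted(peer, trusted):
        return str(peer)
    # Read right to left: the first hop that is not a listed proxy is the
    # client. Entries further left were written by that client's side.
    for hop in reversed(xff_header.split(",")):
        try:
            addr = ipaddress.ip_address(hop.strip())
        except ValueError:
            return str(peer)  # malformed entry: fall back to the peer
        if not is_trusted(addr, trusted):
            return str(addr)
    return str(peer)

class SessionStore:
    """Sessions bound to the address they were created from."""

    def __init__(self):
        self._sessions = {}  # token -> (login, bound address)

    def create(self, login, ip):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (login, ip)
        return token

    def resume(self, token, ip):
        """Return the login, or None when the user must log in again."""
        login, bound_ip = self._sessions.get(token, (None, None))
        if login is None or bound_ip != ip:
            return None  # unknown token or a different address
        return login
```

If the header were accepted from every peer, any client could claim the address a session is bound to, which is why the list of addresses matters when both options are enabled.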
To save your modified settings, press the "Update" button. If you want to cancel the changes you made, you should press "Cancel".