This tab contains various security settings of TeamWox. They are divided into several boxes: Certificates, Security for passwords and working sessions, Authentication, Proxy server and Processing of public requests.
TeamWox works using the HTTPS protocol through port 443. All the transmitted information is encrypted using the installed SSL certificate. By default a certificate issued by MetaQuotes Software CA is installed in the system. This certificate is untrusted what causes the displaying of the corresponding warning in the browsers of users. To avoid it, one should add the MetaQuotes Software CA to the list of trusted one according to the instructions given in the "Certificate Installation" section.
The upper part of the certificates block contains the information about the certificate already installed: Issuer, Subject, Expires. Various commands of managing the certificates are located below:
You can generate a request for a certificate to be sent to the certification center by pressing the "Request new certificate" button located in the upper block. Once you have pressed this button, the following window will appear:
The following parameters are specified here:
Once all the necessary information has been entered, press the "Continue" button. If you press the "Cancel" button, this window will be closed and the request won't be sent. If you press the "Continue" button, a request to be sent to one of the trusted certificate centers will be generated:
This request should be copied and sent to the chosen certificate center according to its instructions.
Answer received from the certification center should be copied back to TeamWox. To do it, one should press the "Use certificate authority response" button.
In the appeared window it is necessary to insert the answer received from the certification authority. Once you press the "Apply" button, the certificate will be installed in the TeamWox system.
A certification authority can provide the answer of two types — in the X509 or PKCS format. The difference is the latter type includes intermediate certificates in addition to the main one. Thus, when installing the certificate in TeamWox all the intermediate certificates are additionally installed on the server. It guarantees that all browsers will consider the certificate installed for TeamWox as a trusted one.
Depending on the type, the answers of security centers may look as following:
-----BEGIN PKCS #7 SIGNED DATA-----
-----END PKCS #7 SIGNED DATA-----
It is recommended to use PKCS format of answers of certification authorities.
If several certificate requests were previously generated then the TeamWox system chooses the right one by itself and applies to it the inserted answer of a certificate authority.
Many companies give an opportunity of unlimited reissuing of certificate during the whole period of its validity. The reissuing of certificate may be necessary in the following cases:
In this case in is necessary to re-generate the certificate request. Then it is necessary to go to the website of the certificate issuer and pass the special reissuing procedure. Here are the links to the most popular certificate authorities:
After passing the reissuing procedure, one should insert the answer received from the certificate authority to the corresponding window again. The certificate will be reinstalled as soon as it is done.
In order to modify the current certificate, you should press the "Change certificate" button. The following window will appear as soon as you do it:
In order to specify a new certificate, press the "Browse" button and choose it in the standard window of file choosing. If your certificate has a password, then you should specify it in the corresponding field. To upload the new certificate, press the "Upload" button. To cancel the operation, you should press the "Cancel" button.
You can download the PFX file of the certificate installed in the system to your PC by pressing the "Export the certificate" button. The window that requests the certificate password appears as soon as you do it. If the certificate does not have one, you should leave the password field empty and press the "OK" button. Once you have done that, a standard browser window should open where you can specify whether to open or to save the file.
To provide the system security, a fixed password complexity control is implemented. Any password must contain as many as 6 characters including lower-case, upper-case and numeric characters.
This option allows increasing the security of the system. If it is enabled, the connection session of a user binds to their IP address. Thus, if the next connection is performed from another address then to enter the system the user will have to specify their login and password once again, regardless of the "Remember me" option in the authorization window.
This option is also aimed at increasing the security of working in the system. If the security policy of of a company requires changing of user passwords after a specific period of time, enable this option and set the number of days. Once the specified time period has passed, a user is asked to change the password right in the TeamWox interface using the following window:
The window contains the following fields:
This option works only with authentication using login and password. In case a user authorizes in the system through Active Directory or using acertificate, the window of password changing does not appear.
TeamWox provides the possibility to authorize users with their logins and passwords they have in the Active Directory domain or via security certificates.
If you enable this option then the users will be able to enter the system using their Active Directory logins and passwords. Also you should specify the domain name in the "Domain" field, for example: "ad.company.com".
Besides enabling the above mentioned option, the special permission should be assigned to the users: "Authenticate by login in domain", it can be found in the "Users -> Permissions" tab in the "Server" block. Also the logins of users in the "TeamWox" system must be similar to the ones in Active Directory.
ActiveDirectory users may also use their current login and password to authorize in WebDAV for accessing "Documents" and in CalDAV for accessing "Calendar". To activate this feature, enable options "Use for WebDAV authentication in Documents module" and "Use for CalDAV authentication in Calendar module".
It should be noted that these settings imply some technical restrictions, due to which users created in TeamWox manually cannot use WebDAV and CalDAV.
To quickly start working in the system one can import users from the Active Directory.
You can allow the authentication of users via certificates emitted by a trusted certification center. To do it, tick the "Use client certificates via trusted certification centers" field.
If the connection of TeamWox server to the internet is performed through a proxy server then you should set up the following parameters:
If a login and password are not needed then you should leave those fields empty. You can get the parameters specified above from your system administrator.
In this box, you can set up the parameters of the public access to the system for the components of integration with external web resources.
The following options are available here:
Once having bought and installed a certificate issued by a trusted certificate authority, you should disable the "Allow use of HTTP" option.
To save your modified settings, press the "Update" button. If you want to cancel the changes you made, you should press "Cancel".