If you want to limit your SEP server to listen only on the HTTPS protocol and NOT SEP (or vice versa), the procedure is very easy.
There are 2 ways of doing this: either directly from the SEP Management Console (MC) or in the configuration file.
From the SEP MC (Management Console)
1. Open up SEP MC
2. Go to Configuration and click on Server tab
3. Under Connectivity Settings, make sure to UNTICK "Listen for incoming SSL Tunnel Connections" and make sure that "Allow management of the server on this port" is greyed out
4. Scroll down and click apply.
5. An information window pops up and states: "The new settings will take effect after the server has been restarted".
6. Exit the Management Console
7. Open up the SEP server monitor (can be done from systray) and click on the red STOP button - this will stop the SEP server service
8. Start the SEP server service again by clicking on the green play button (this can of course also be done from Services.msc)
9. Make sure the service is started correctly – the status that should be stated in the monitor is: "SEP Server is up and running."
The SEP server is now listening only on the HTTPS protocol. You can verify this in the configuration file; read below for how to do that:
From the configuration file
1. Go to SEP server installation directory (default: C:\Program Files\SEP Server\enterprise)
2. Locate and open configuration.xml with notepad
3. Make sure that the string:
- <SslIp></SslIp> is in the config file
Also locate the strings:
- <SslAllowManagement> and change it to <SslAllowManagement>False</SslAllowManagement>
- <SslForExternalUse> and change it to <SslForExternalUse>False</SslForExternalUse>
4. Restart the SEP server service: follow the steps above, or go to Services.msc, locate Cryptzone SEP Server and restart it.
5. Verify by opening the SEP server service:
The SEP server is now listening only on the HTTPS protocol. You can verify this by opening up the SEP server MC (Management Console) as in the steps above, or by trying to connect with the MC using the SEP protocol, which will fail.
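One way to script the check from the configuration-file steps above (an added example, not Cryptzone's own tooling). It assumes the default installation path, that each element appears once in configuration.xml, and that the SEP listener uses port 8888 as in the sep:// URL shown on this page; the function names are hypothetical.

```powershell
# Added example (not vendor code). Function names are hypothetical.
function Test-SepHttpsOnlyConfig {
    param(
        # Default path taken from step 1 of the configuration-file procedure.
        [string]$Path = 'C:\Program Files\SEP Server\enterprise\configuration.xml'
    )
    $full = (Resolve-Path -LiteralPath $Path -ErrorAction Stop).ProviderPath
    $xml = New-Object System.Xml.XmlDocument
    $xml.Load($full)

    $findings = @()
    # local-name() matches the element whether or not the file uses a namespace.
    if ($null -eq $xml.SelectSingleNode("//*[local-name()='SslIp']")) {
        $findings += 'SslIp element is missing'
    }
    foreach ($name in 'SslAllowManagement', 'SslForExternalUse') {
        $node = $xml.SelectSingleNode("//*[local-name()='$name']")
        if ($null -eq $node) {
            $findings += "$name element is missing"
        } elseif ($node.InnerText.Trim() -ine 'False') {
            $findings += "$name is '$($node.InnerText.Trim())', expected 'False'"
        }
    }
    [pscustomobject]@{
        Path      = $full
        HttpsOnly = ($findings.Count -eq 0)
        Findings  = $findings
    }
}

function Test-SepPortClosed {
    # Assumption: 8888 is the SEP port, as in the sep:// URL on this page.
    param([int]$Port = 8888)
    $listeners = @(Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue)
    return ($listeners.Count -eq 0)
}

# Run on the SEP server after the service restart.
Test-SepHttpsOnlyConfig
"SEP port closed: $(Test-SepPortClosed)"
```

The config check only reflects the file on disk; the listener check confirms the restarted service actually picked the setting up.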
How to make the SEP client only use HTTPS:
There are 3 ways of making SEP client only use HTTPS:
- When Creating MSI in SEP
- In the policy (if you are using SEP clients version 5.0.38 or newer) or
- Manually per SEP client.
When creating MSIs
1. In the SEP MC go to tools/Create Installer
2. Under the Connection tab: highlight sep://yourservername:8888 and remove it before creating the installer MSI package
In the policy
If your users have SEP clients 5.0.38 or newer, you can change the protocol from the SEP Server using policy.
1. In SEP MC go to policies, highlight your policy (in the example Ultra Security)
2. Click on Editor tab/SEP Settings/other
3. Tick SEP Server URLs and add your SEP server address (in the example: https://sepservername.com:443)
4. Scroll Down and click apply
5. Restart the SEP-server service
Manually in the SEP-client
You can also change which protocols SEP-client is using manually.
1. Right click on the SEP client in systray and click settings
2. Click on the Profile management tab, highlight the server you want to remove and click remove server. Please note that it is only possible to change this if you have allowed users to change it in the policy (a setting called "SEP Client Policy Lock") or if you are using Master Password Client
3. Verify by highlighting the Server and note that the URL is https