Who is this article for?
Incydr Professional and Enterprise, no.
Incydr Basic and Advanced, no.
CrashPlan Cloud, no.
Other product plans, yes.
CrashPlan for Small Business, no.
This article applies to on-premises authority servers.
Web restores initiated from an on-premises authority server for an archive stored in the Code42 cloud require SSL for all connections. Web restores fail if SSL is not configured. Specifically, instead showing a list of the backed up files, the operating system progress indicator stops responding and may appear stuck.
Server security requires a CA-signed certificate and the TLS protocol
Reliable security of any production web server requires an SSL certificate signed by a trusted certificate authority (CA) and enforced use of the TLS protocol (that is, HTTPS, not HTTP).
Your on-premises Code42 authority server is no exception. A Code42 server that is configured to use a signed certificate, strict TLS validation, and strict security headers protects server communications with browsers, your Code42 apps, and other servers.
- By default, your authority server uses a self-signed certificate and TLS. That provides for encrypting client-server traffic.
- Adding a CA-signed certificate provides further security by confirming your server's identity to clients. It prevents attackers from acquiring client data through counterfeit servers and encryption keys.
- Never reconfigure a production server to use HTTP, rather than TLS and HTTPS.
- Configuring Code42 servers and apps to use strict TLS validation further ensures the security of client-server connections.
- Configuring Code42 servers to use an HTTPS Strict Transport Security (HSTS) response header further prevents unencrypted browser access to Code42 consoles.
Code42 environments with an on-premises authority server also using Code42 cloud storage that do not have a browser connection established on TCP 4285 (HTTPS).
We strongly recommend configuring your Code42 console to use HTTPS on port 4285 (not HTTP on port 4280):
- Correct example: https://localhost:4285/console/login.html
- Incorrect example: http://localhost:4280/console/login.html
Using HTTPS allows you to perform web restores as well as strengthen the overall security of your Code42 environment. We also recommend you import a CA-signed SSL certificate to give your users additional verification that the administration console is secure and is controlled by your organization.
If your web restore is failing even though you have HTTPS configured correctly, see our web restore troubleshooting tips.
HTTPS is required to connect to storage hosted by Code42 because it ensures the information sent between your Code42 console and Code42 is encrypted in transit. When a POST HTTP request is made to the authority server on HTTP, it must attempt a redirect to the more secure HTTPS. Since POST doesn't support redirection, the session cannot redirect and the web restore stalls.