Use https instead of http for Historian client, Historian Client Web, and rest APIs
- Last UpdatedFeb 27, 2025
- 3 minute read
Typically, customers using Historian Client Web or the REST API can connect to a Historian server from a Historian Client or other client application using an unencrypted (HTTP) connection. (Even without an encrypted connection, the user credentials exchanged during login are still encrypted.) You can also use an encrypted connection (HTTPS) for the REST API, and this requires configuring an X.509 certificate for TLS (transport layer security).
About TLS, HTTPS, and X.509 certificates
TLS allows for encrypted authentication credentials to be passed between a server and client. A certificate containing a private key is passed between the client and server to verify identification and allow access.
Using HTTPS ensures that communication between the client and server is encrypted, helping to prevent third parties from stealing or tampering with your data.
To configure the HTTPS connection to the Historian, you need an X.509 certificate. The certificate can be from a trusted authority or a self-signed certificate. During the installation and configuration of the Historian, you can import a certificate from a trusted authority if you have one, otherwise the configurator can create a self-signed certificate for you.
About configuring security
When you configure the Historian server, you choose one of two options to control what happens when a user connects using the unencrypted (HTTP) connection:
-
Favor trusted connections, but permit untrusted connections
When this option is selected, users are informed there is a trusted connection available, and they can decide how to proceed using one of three options:
-
Always use the trusted connection
If the user clicks this link, their browser will be permanently redirected to the HTTPS connection. Any future attempts to use the HTTP connection with the same browser are automatically redirected to the HTTPS connection without a prompt.
-
Use the trusted connection this time
Clicking this link redirects the browser to the HTTPS connection, but only for this session. The next time a connection is made in a new browser session, the user is prompted to choose again.
-
Continue with the untrusted connection (not recommended)
If the user clicks this link, the browser continues using the HTTP connection, but only for this session. The next time a connection is made in a new browser session, the user is prompted to choose again.
-
-
Require trusted connections (clients must trust this certificate)
When this option is selected, if you are using a certificate from a trusted authority, users are redirected to the HTTPS connection.
If you are using an untrusted certificate, such as a self-signed certificate, the following informational message is displayed:
Users can click Use the untrusted, encrypted connection to use the HTTPS connection.
Warning: It is important to understand the risks associated with using an untrusted self-signed certificate. The browser warnings encountered while using a self-signed certificate could also indicate that the server has been compromised or hijacked by a third party. To avoid the risk of conditioning users to ignore important security warnings, follow the steps in the next section to enable remote clients to trust the self-signed certificate.
Use a self-signed certificate
If you choose to use a self-signed certificate with the Historian, you are responsible for configuring all clients to trust that certificate. Clients that haven't trusted the certificate see a security warning in their browser.
For example, if you configure your Historian using a self-signed certificate, users connecting with the Google Chrome browser see a warning message similar to the following:
