Documentation Center

2.2  Global Configuration

SimServe contains a global configuration file that allows settings for the web interface and TLS certificates to be adjusted. Changes made to the global configuration file impact all users.

2.2.1  Web Interface IP and Port

SimServe hosts a web interface which must be bound to an IP address and port that’s available on the computer. By default, SimServe binds the web interface to all IP addresses on the computer. It uses port 80 to listen for HTTP traffic, and port 443 to listen for HTTPS traffic. Sometimes, the web interface must be bound to a specific IP address or the ports must be changed. This need typically arises when other software is installed on the computer that is already using the same IP addresses or ports as SimServe. If needed, the procedure below can be followed to change the web interface IP address, HTTP port, or HTTPS port.

  1. Open the Windows Service Control Manager and stop the SimServe service as shown.
    PIC

  2. On the computer where SimServe is installed, navigate to "%ProgramFiles(x86)%\SCADAmatic\SimServe\Config" in the Windows file explorer. PIC

  3. Open the file called "global.ssglb" using a text editor like Notepad.
    PIC

  4. Set "children.webServerThread.self.ipAddress" to the desired IP address. If you’d like to bind the web interface to all IP addresses on the computer, type in "0.0.0.0".
    Please note, the IP address assigned to the web interface must also be added to a Windows network adapter. Please consult Windows documentation for instructions on how to do this.
  5. Set "children.webServerThread.self.portHTTP" to the desired HTTP port.
    Please note, the port entered must not be used by any other service running on this computer.
  6. Set "children.webServerThread.self.portHTTPS" to the desired HTTPS port.
    Please note, the port entered must not be used by any other service running on this computer.
  7. Open the Windows Service Control Manager and start the SimServe service.

2.2.2  TLS Certificates

The SimServe web interface uses HTTPS, which requires SimServe to have access to a TLS certificate and private key. When SimServe is installed, it places a "self signed" TLS certificate and generated private key on the computer’s hard drive. Because the certificate is self signed, when browsers access the web interface, users will receive a warning that the authenticity of the web interface could not be verified. Users will be allowed to ignore this security warning, however some users would prefer to not see this warning at all. To prevent the warning from appearing, a certificate must be installed that is trusted by the user’s organization. This may be a self signed certificate that has been manually added to the browser’s trusted certificates, or it could be a TLS certificate generated by a trusted certificate authority like DigiCert. To install a custom TLS certificate and corresponding private key, follow the steps below:

  1. Open the Windows Service Control Manager and stop the SimServe service as shown.
    PIC

  2. Backup the cert.PEM and key.PEM files in "%ProgramFiles(x86)%\SCADAmatic\SimServe\TLS"
  3. Generate a TLS certificate and corresponding private key that the user’s organization will trust. The certificate and private key must satisfy the following requirements:

    Certificate Type

    X.509

    Certificate Format

    PEM

    Certificate File Name

    cert.PEM

    Key Format

    PEM

    Key File Name

    key.PEM

    If you’re unfamiliar with certificate and private key generation, several sources are available online. Below is a sample command that can be used to generate a self signed TLS certificate/key pair using OpenSSL

    openssl req -nodes -new -x509 -keyout key.pem -out cert.pem

  4. Replace the old TLS certificate and private key in "%ProgramFiles(x86)%\SCADAmatic\SimServe\TLS" with the generated files in step 3.
  5. Open the Windows Service Control Manager and start the SimServe service.
  6. Open a browser and go to the SimServe web interface. Ensure everything is working properly. If not, restore the cert.PEM and key.PEM files backed up in step 2.