For the installation of the WebClient, a WebClient module has been provided in the AdminClient.

Preparations for installation

To carry out the installation of the WebClient without any further complications, the following preparations should be carried out:

System requirements

It should first be ensured that all of the system requirements have been met.

Web service

When calling up the WebClient module in AdminClient for the first time, the web service firstly needs to be started.

The Password Safe Server will restart as a result. The configuration interface is then displayed in the WebClient module.

SSL certificate

When starting the web service, the certificate selected in the basic configuration for use with the web services will be configured and connected to port 11016. This is the connection certificate for communication between the web server and the Password Safe server.

Firewall

The port 11016 TCP must have been enabled for incoming communication.

Databases

All databases that are to be used on the WebClient need to be approved for this purpose. It is sufficient to double click on the corresponding database. The option Activate access via WebClient can now be selected.

Installation

The WebClient is generated by the AdminClient and made available in a ZIP archive. Depending on the web server used, the ZIP archive is created accordingly. The installation also differs depending on the relevant web server. Irrespective of the web server used, the following information firstly needs to be entered:

Target file
The folder where the ZIP archive containing the WebClient should be saved is entered here.

Server IP
The IP address for the Password Safe server is displayed here for purely informative purposes.

Web server host address
The IP address or the host name of the web server needs to be entered.

Port
The port that is used to communicate with the WebClient is entered here.

All of the subsequent steps or the required tasks will be explained below for each specific web server.

Microsoft IIS

If the WebClient is being operated on a Microsoft IIS web server, there are two methods for integrating it into the system:

Create as its own website
For this option, a website with the name “WebClient” will be directly created on the IIS by config.bat. The WebClient will be operated here from the standard directory C:\inetpub\wwwroot.

Integrate in existing website
requires there to be an existing website. Therefore, a website needs to be firstly created on the IIS web sever. The name of the website then needs to be entered in the AdminClient. It is also necessary to enter the folder from which the WebClient should be operated under *website directory”. The format here is “/webclient”

Once all of the settings have been entered, the WebClient can be created via the corresponding button in the ribbon. When the ZIP archive containing the WebClient has been created, it is copied to the previously defined directory (C:\inetpub\wwwroot as standard) and unzipped there to create a new directory.

Config.bat

The file config.bat can be found in the newly created WebClient directory and now needs to be executed when logged on as the administrator. This will integrate the WebClient into the IIS web server.

If the website has been correctly created, this will be correspondingly indicated by the notification IIS page created.

Certificate

The certificate then needs to be saved. Select the newly created website on the IIS web server. The bindings can now be opened on the far right.

Select the https entry and open it for editing. The SSL certificate is then selected here.

In addition, the Password Safe certificate needs to be exported from the Password Safe Server and imported onto the ISS under local computer > trusted root certificate location -> certificates. Further information can be found in the section “Certificates“https://help.passwordsafe.de/v8/1/en/topic/zertifikate.

Apache

In order to integrate the WebClient onto an Apache server, it is first necessary to enter all of the relevant settings:

Document directory
The folder from which the WebClient should be operated is entered here.
The default folder is /var/www/html

SSL certificate path
It is necessary to enter the directory in which the certificate will be saved here.

SSL certificate key path
Finally, it is necessary to enter where the certificate key is located here.

Once all of the settings have been entered, the WebClient can be created via the button in the ribbon. The folder in which the ZIP file is located will then open automatically. The archive is now unzipped and the contents copied to the document directory on the web server.

The configuration for the Apache server has now also been created and can be viewed on the AdminClient.

The configuration can be selected using CTRL+A and copied. It is then directly integrated onto the Apache server.

Standard configuration
The file /etc/apache2/sites-available/default-ssl.conf is (for example “nano”) opened. Everything between <IfModule mod_ssl.c> und </IfModule mod_ssl.c> is now deleted and replaced by the configuration from the server. Apache is subsequently restarted via systemctl reload apache.

The WebClient is now ready to use and can be directly started. Further information can be found at the end of this section under “Calling up the WebClient”:https://help.passwordsafe.de/v8/1/en/topic/installation-webclient#aufruf.

nginx

In order to integrate the WebClient onto an nginx server, it is first necessary to enter all of the relevant settings:

Document directory
The folder from which the WebClient should be operated is entered here.
The default folder is /var/www/html

SSL certificate path
It is necessary to enter the directory in which the certificate will be saved here.
The standard path here is /etc/nginx/certs/webclient.crt

SSL certificate key path
Finally, it is necessary to enter where the certificate key is located here.
The default setting is /etc/nginx/certs/webclient.key

Once all of the settings have been entered, the WebClient can be created via the button in the ribbon. The folder in which the ZIP file is located will then immediately open. The archive is unzipped and its contents are copied to the document directory on the web server.

The configuration for the nginx server was also created together with the ZIP file. This can be directly viewed on the AdminClient.

The configuration then still needs to be integrated onto the nginx server. It can be directly copied on the AdminClient for this purpose.

Standard configuration
The file /etc/nginx/sites-available/default is firstly opened. For example via “nano”. Now search for the entry server { }. The configuration for the AdminClient is then added. Finally, the web server is restarted using the command systemctl restart nginx.

The WebClient is now ready to use and can be directly started.

CORS configuration

A button for the so-called CORS configuration can be found on the ribbon. It is essential that this configuration is carried out before the WebClient can be used. A list of the permitted CORS domains will be saved as a result. Requests received via the WebClient can then be checked against this list. The request will only be successfully carried out if the origin header for a request is available in the permitted domains.

In order to add a domain, simply enter it at the bottom of the dialogue. Clicking on will add the entry to the list at the top.

Calling up the WebClient

The process for calling up the WebClient is dependent on the configuration of the web server:

WebClient in root directory -> https://hostname
WebClient in a subdirectory -> https://hostname/pfad-zum-unterverzeichnis
Port is not set to 443 -> https://hostname:port/pfad-zum-unterverzeichnis

Redirecting

Redirecting from http to https is also set up in the configuration for IIS, apache and nginx web servers.

In the case of an ISS web server, the redirect rule is written directly in the web server configuration. The binding for port 80 must also be configured in IIS for the redirect.

In the case of apache and nginx web servers, a corresponding configuration is created that needs to be manually added to the correct configuration file.

Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.