Web Server Certificate (SSL)

The platform is shipped with a self-signed certificate, TLS v1.2.

Certificate Requirements

  • A Java Keystore (JKS) containing both a public certificate and its private key.
  • The JKS must have a store password and a key password.
  • The JKS name must match the "Certificate Path" setting within the platform's web console settings.

Applying the Certificate

  1. Place your custom keystore.jks file in the <ZigiOps>\conf folder.
  2. Update the platform's web console settings with the certificate's details.
    • Certificate Path - this is the certificate's file location, for example, "conf/keystore.jks"
    • Certificate Key Password - this is the certificate's key password.
    • Certificate Key Manager Password - this is the certificate's key manager password.
  3. Restart the platform's service.
  4. Close all opened browser sessions to the platform's web console.

Multi-Factor Authentication (MFA)

The platform supports Multi-Factor Authentication (MFA). This is an optional addition to the hardening process that will prevent unwanted access to the ZigiOps UI by allowing only whitelisted addresses to log in.

How to Configure and Enable the MFA

ZigiOps is not configured to work with MFA by default. Follow the steps below to configure and enable it.

  1. Open the <ZigiOps>\conf\config.properties file in any text editor.
  2. Add the below properties on a new line at the end of the file.

    zigiwave.mfa.enabled=true
    zigiwave.mfa.allowed.ips=localhost, <IP-1>, <IP-2>, <IP-n>
    CODE

  3. Save the changes and restart the ZigiOps service.

MFA Parameters Summary

Note that the parameters are not present in the config.properties file by default, but they are applied with some default values.

ParameterDetailsPossible Value(s)
zigiwave.mfa.enabledThe property that controls if the MFA will be enabled or not.true/false
zigiwave.mfa.allowed.ipsThis is the list of addresses allowed to log in to the ZigiOps UI. The value should be comma-separated, e.g., localhost, 10.1.1.1, 10.1.1.2 .. etc.localhost/<IP>

How to Disable the MFA

Follow the steps below to disable the MFA.

  1. Open the <ZigiOps>\conf\config.properties file in any text editor.
  2. Set the zigiwave.mfa.enabled parameter to be false.
  3. Save the changes and restart the ZigiOps service.