×

It's time to move from Web HMI to Proficy Operations Hub! Visit the Operations Hub web page, download a free trial or check out the datasheet.

Home
Certificate Management and Content Security
Set up a Whitelist
You create a whitelist of safe domains that Web HMI can load in to an iframe.

Web HMI Products Documentation

Certificate Management and Content Security
- Certificate Management
  Certificate management is an integral part of securing communication between Web HMI and web browsers.
- Install CA Certificates
  You must install Certificate Authority (CA) certificates on each client and server machine where Web HMI is installed.
- Apply Custom Certificates
  Modify the Reserve Proxy configuration file to use custom certificates.
- Install Workflow Certificate in iPad Clients
  To interact with Workflow task lists through Web HMI on iPad devices, you must install the Workflow ProficySelfSignedCA certificate in each device.
- Set up a Whitelist
  You create a whitelist of safe domains that Web HMI can load in to an iframe.
  - Whitelists
    The whitelist feature allows web content to load in to Web HMI.
- Security Recommendations
  To create a secure Web HMI environment, follow these recommendations.

Set up a Whitelist

You create a whitelist of safe domains that Web HMI can load in to an iframe.

In Application Assembler, you can use the Whitelist_Web_Frame(GE) widget in a mashup to call any domain in that whitelist.

Open the Reverse Proxy configuration file located in <install path>\ProficyWebServer\ReverseProxy\serverConfig.json.
In the whitelist field, enter a list of comma-separated domain names surrounded by quotation marks. Always preface these names with https unless using a wildcard character. Use wildcards to allow the access of subdomains as well as all sources:
"*.domain.com","https://wws.domain.*","*"
Save the serverConfig.json file.
Navigate to the Windows Services menu to restart the GE Proxy service.
Refresh the browser clients.