Firstly - our current setup:
* Serco Facility and ePortal setup on our shiney admin server.
* Facility Connect API installed so that Fronter, our up-coming VLE, can link in to gather pupil data
* SSL certificate that came with the API installed to allow access over https
* ISP has sorted out reverse proxy so eportal.schoolname.norfolk.sch.uk redirects to the IP address of a NIC on our admin server - this is to allow external access by Fronter to gather data, but also by teachers and parents from off site.
* I can set things up so that SSL is mandatory, but this shows a security warning everytime a user loads up the site. You can install the certificate, but as the name stored in the certificate doesn't match the site the warning can't be got rid of permanetly.
Now, i've considered just leaving it and not worrying - but it looks untidy; i want redirect to SSL automatically and not have alarming warnings on screen. I'm having trouble thinking of a solution that works without being a complete cludge, or potentially expensive.
I imagine i would have trouble altering the security certificate as, because of how our system works, the URL to access ePortal is different onsite and off. Presumably one or the other would still give the warning about site names not matching.
I had also thought of using a separate server for external ePortal access only with SSL set on, and ePortal on our admin server for onsite access only without SSL. I could accomplish this quite easily (i have a server i can repurpose and then its just assiging it the IP our external access URL points to), obtaining an SSL certificate thats relevant for the external URL only. The problem with this is that this would then be the server Fronter would access to gather data and i've no idea how significant the SSL certificate that was supplied with the API is to this process...
Any advice from people with the same setup, or who are otherwise well informed?
Things have changed. If it's available using the API, your data is live. If you use csv's you have to surely produce a new set and upload them every time you want to refresh data?
I believe (though i could be wrong, i'd have to check) that the certificate error is due to it being unsigned by a certified authority. IE verisign, for example, rather than the server address.
The only way i know of to rid that warning is to purchase one, which costs about 500 squid per year.
For a SSL certificate? You can get them cheaper than that, and in some cases, free.The only way i know of to rid that warning is to purchase one, which costs about 500 squid per year.
SSL is not an area of my expertise but a simple google search came up with http://www.instantssl.com (other suppliers of SSL certificates are available!). If you pay your local authority IT provider to support you, they may be able to provide you with advice for setting this sort of thing up, or even a free SSL certificate?
If you search on the forums for Free SSL you will find a provider of free ones for schools, and they work grrrrrreat
I do apologise, i stand corrected, and thanks for the information that will come in handy.
sorry to resurrect an old thread. just wondering how everyone is doing it at the moment? we are currently using the 4 csv files. but to complicate matters we also have a single sign on so the username in fronter must match our active directory usernames. do we need to move over to the API?
I would advise you talk to your Fronter Support team as its a you know what in terms of accounts and updating them, we were on CSV, but think we have the API now working at last and up and running which, if it is, is great news at last! The end of the update CSV and kick the program to upload them.
how do i sign up
There are currently 1 users browsing this thread. (0 members and 1 guests)