SOCaaP

• Introduction
  • Logging-in To The SOCaaP Console
• Dashboard Overview
  • Summary
  • Alerts,Incidents And Website Vulnerabilities
  • Customer Health
• SOCaaP Alerts/Escalations
  • Log-in To The Admin Console
  • The Home Screen
  • Service Summary
  • Incidents Overview
    • Incidents
    • Threat Summary
  • Log Collection Summary
  • Threat Communication Graph
  • Tickets
  • Reports
  • Notification Settings
  • Integrate Your Office 365 Account With SOCaaP
• SOCaaP XDR
  • Log-in To The Admin Console
  • The Main Interface
  • Eveny Query
    • Configure Event Queries
  • Report Generation
  • Administration
    • Event Collection
    • Phantom Settings
    • Manage Users
  • Appendix 1 – Field Groups And Event Items Description
  • Appendix 2 –SOCaaP Supported Logs
• SOCaaP Web Protection
  • Add Websites
  • The Main Interface
  • The Dashboard
  • Website Data And Settings
    • Website Overview
    • Security Scans
      • Website Scans
      • Website Files Security Scans
        • Malware Scan Settings
          • Automatic Configuration
          • Manual Configuration
        • Run A Scan And View Results
        • Notifications, Malware Removal And Scheduled Scans
      • Vulnerability Scans
        • CMS Vulnerability Scans
        • OWASP Top 10 Vulnerability Scans
    • Content Delivery Network
      • Activate CDN For A Website
      • CDN Settings
      • View CDN Metrics
    • Firewall
      • WAF Statistics
      • WAF Events
      • Configure WAF Policies
      • Manage Custom Firewall Rules
    • SSL Configuration
    • DNS Configuration
    • Add Trust Seal To Your Websites
    • Back Up Your Website
      • Backup Settings
      • On-Demand Backup
      • View Backup Records And File Statistics
      • Restore And Download Website Files
      • Delete Backups
  • Manage Your Profile
• Sensor Installation
  • Requirements
  • (Option 1) Create Installation Media
  • (Option 2) Deploy Virtual Machine Environment
    • Create A New Virtual Machine
    • Configure Memory Size
    • Configure Hard Disk
    • Configure Hard Disk File Type
    • Configure Storage On Physical Hard Disk
    • Configure Size Of Virtual Hard Disk
    • Configure Network Settings
    • Select VM Startup Disk
  • Sensor Installation Steps
  • Sensor Configuration Steps
    • Login To The Web Portal
    • User Settings
    • Configure Network
    • Configure Timezone
    • Key Activation
    • (Optional) Valkyrie Key Verdict
    • (Optional) Forward Log
• Frequently Asked Questions
• About Xcitium Security Solutions

SSL Configuration

• Select a website from the drop-down at top-left and choose 'SSL'

• SSL/TLS certificates identify a website’s owner, and encrypt all data that passes between the site and a visitor's browser.

• Sites that use an SSL/TLS certificate have a URL that begins with HTTPS. For example, https://www.example.com.

• Xcitium strongly recommends you use a certificate on your site.

There are two ways to deploy a certificate with SOCaaP Web Protection:

• Bring your own SSL

• Upload your site’s existing certificate to the SOCaaP Web Protection CDN edge servers. Recommended for most customers.

• This will secure the traffic between your site (the origin server) and the SOCaaP Web Protection CDN.

• See Upload your own SSL Certificate to find out how to deploy your certificate

• Complimentary Xcitium SSL

• Get a free SSL from Xcitium deployed on the CDN Edge servers. Again, this will encrypt traffic between your site and the CDN

• You need to configure your site to use Xcitium DNS in order to get the free SSL certificate. There are two ways you can do this:

1. Change your domain's authoritative DNS servers to Xcitium DNS

2. Enter DNS records explicitly

• Help to configure DNS is available in - Activate CDN For A Website

• See Install Complementary SSL Certificateto find out how to deploy your free certificate.

Upload your own SSL Certificate

• Open the SOCaaP Web Protection dashboard

• Select the target website from the menu at top-left

• Click the 'SSL' tab

• Click 'Order SSL Certificate' if you do not already have a certificate on your site

• You will be taken to SSL purchase page to buy a new certificate

• You can install the certificate on your web-server then upload it to SOCaaP Web Protection

• Click 'Upload Your SSL Certificate' to submit your existing certificate:

–––––BEGIN CERTIFICATE–––––

MIICUTCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADBXMQswCQYDVQQGEwJDTjEL

MAkGA1UECBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMC

VU4xFDASBgNVBAMTC0hlcm9uZyBZYW5nMB4XDTA1MDcxNTIxMTk0N1oXDTA1MDgx

NDIxMTk0N1owVzELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAlBOMQswCQYDVQQHEwJD

TjELMAkGA1UEChMCT04xCzAJBgNVBAsTAlVOMRQwEgYDVQQDEwtIZXJvbmcgWWFu

ZzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCp5hnG7ogBhtlynpOS21cBewKE/B7j

V14qeyslnr26xZUsSVko36ZnhiaO/zbMOoRcKK9vEcgMtcLFuQTWDl3RAgMBAAGj

gbEwga4wHQYDVR0OBBYEFFXI70krXeQDxZgbaCQoR4jUDncEMH8GA1UdIwR4MHaA

FFXI70krXeQDxZgbaCQoR4jUDncEoVukWTBXMQswCQYDVQQGEwJDTjELMAkGA1UE

CBMCUE4xCzAJBgNVBAcTAkNOMQswCQYDVQQKEwJPTjELMAkGA1UECxMCVU4xFDAS

BgNVBAMTC0hlcm9uZyBZYW5nggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEE

BQADQQA/ugzBrjjK9jcWnDVfGHlk3icNRq0oV7Ri32z/+HQX67aRfgZu7KWdI+Ju

Wm7DCfrPNGVwFWUQOmsPue9rZBgO

–––––END CERTIFICATE–––––

• Click 'Upload Your SSL Certificate'
  

The SSL certificate will be uploaded to the CDN edge servers.

Once uploaded, traffic between the CDN and your website visitors is encrypted. Since the certificate is already installed on your site, the communication between the origin and the CDN is also encrypted.

Install Complementary SSL Certificate

• Open the SOCaaP Web Protection dashboard

• Select the target website from the menu at top-left

• Click the 'SSL' tab
  

• Scroll down to 'Complimentary Xcitium SSL (Edge Certificate)':

You have two options to enable the free certificate:

• Option A - Change your domain's authoritative DNS servers to Xcitium  – Applies if you have already pointed your name servers to Xcitium authoritative DNS.
  

• Option B - Create a CNAME record which points to Xcitium – Applies if you have entered explicit DNS records to your domain's DNS settings.
  

Option A - Change your domain's authoritative DNS servers to Xcitium

• Scroll to 'Option A - Change your domain's authoritative DNS servers to Xcitium'

• Select 'Click here for more details'

• Click the 'Activate Basic SSL Now' button

• The process will take a few minutes to complete

• Once activated, you can see the certificate in 'Settings' > 'SSL', listed under 'Complimentary Xcitium SSL (Edge Certificate)'.

• The certificate is valid for one year and is set for auto-renewal.

• Note – This certificate encrypts the connection between the CDN servers, which host a copy of your site, and your website visitors.

• It does not encrypt the traffic between your web-server and the CDN edge servers.

• You need to upload your own certificate to encrypt CDN <--> origin site traffic. See 'Upload your own SSL Certificate' for more details.

Option B - Create CNAME record pointed back to Xcitium

• Scroll to 'Option B - Create CNAME record pointed back to Xcitium'

• Select 'Click here for more details'

• Select 'Click here for more details' beside 'Option B - Create CNAME record pointed back to Xcitium'

• Click the 'Activate Basic SSL Now' button:

SOCaaP Web Protection generates a CNAME record for domain control validation.

• Note down the 'CNAME KEY' and 'CNAME VALUE' records

• Go to your website's DNS management page and enter the 'CNAME KEY' and 'CNAME VALUE' records

• If you need more help regarding adding 'CNAME KEY' and 'CNAME VALUE' records, visit https://support.google.com/a/topic/1615038?hl=en

• After the CNAME records are added to your domain's DNS settings, the certificate will be activated and deployed to the edge servers. It may take up to two hours to complete.

Once activated, you can see the certificate listed under 'Complimentary Xcitium SSL (Edge Certificate)'.

• Note - This certificate encrypts the connection between the CDN servers, which host a copy of your site, and your website visitors.

• It does not encrypt the traffic between your web-server and the CDN servers.

• You need to upload your own certificate to encrypt CDN <--> origin site traffic. See 'Upload your own SSL Certificate' for more details. See 'Upload your own SSL Certificate' for more details.