Enabling SSL Encryption for the C•CURE Portal

The C•CURE Portal uses the victor Web Service for communications with the victor Application Server. Both the C•CURE Portal and victor Web Service run under the supervision of the IIS server, which supports SSL-based encryption for communications between the Web Service browser system and the IIS Web Server you are using. This makes communication between the client of the web portal and the victor Application Server secure.

The IIS SSL Encryption option provides an RSA Encryption Scheme – Optimal Asymmetric Encryption Padding (RS-AES-OAEP) using 1024-bit key size, to encrypt the AES (128-bit key size) key for session communications between the victor Web Service site and the browser which runs the C•CURE Portal.

Software House strongly recommends that you enable SSL Encryption for the victor Web Service to provide additional security for all client connections. If you do not enable SSL encryption and you are not using a private VPN, anyone using a Web Sniffer tool will be able to see very sensitive information such as usernames and passwords.

If you set up SSL Encryption for the victor Web Service, you must then use an HTTPS web address to access the C•CURE Portal. See C•CURE Portal Log In Screen.

To use the SSL option, you must set up SSL certificates for the website which hosts victor Web Service and the C•CURE Portal on your IIS Web Server.

You may need to ask for assistance from your IT Administrator to obtain working SSL certificates, perform SSL installation and configuration, depending upon your expertise with SSL and IIS and the level of access to security and networking at your site.

Refer to the victor Web Service User Guide for instructions on setting up SSL Encryption.