Configuring Advanced Security Settings
- Updated2025-02-19
- 2 minute(s) read
Configuring Advanced Security Settings
To add an extra layer of security, provide a custom prime number value to the Diffie-Hellman algorithm that TLS protocol uses as part of the connection handshake. By default, NI Web Server uses a set of prime values defined by the Apache Web Server. This default is sufficient for most cases.
-
On the SystemLink Server machine, open Command Prompt and run the following
command.
Note The following command uses the copy of OpenSSL installed with SystemLink 23.5 or later. You can substitute a different copy of OpenSSL."c:\Program Files\National Instruments\Shared\Skyline\OpenSSL\openssl.exe" dhparam -outform PEM -out dhparam.txt numbits
Where
- numbits is the bit length for the prime. You can specify 1024, 2048, 3072, 4096, 7680, or 8192 bits. NI recommends using a length of at least 3072 bits.
The command creates a file called dhparam.txt in the current directory. - Run a text editor as an administrator and open the NI Web Server certificate located at C:\Program Files\National Instruments\Shared\Web Server\certs\. If there are multiple certificate files in this directory, open C:\Program Files\National Instruments\Shared\Web Server\conf\defines.d\50_httpd-defines.conf and use the file specified for the TLS_CERTIFICATE_PATH variable.
- Open dhparam.txt and copy and paste the contents into the certificate file on a new line after the last -----END CERTIFICATE-----.
- Save and close the certificate file.
- Open NI Web Server Configuration and click Restart on the Control tab.