Application Note

HTTPS and MBV RMS (#122)

ASTi recently began fielding inquiries from customers who purchased their ASTi Telestra Model Builder Visual (MBV) systems some time within the past 10 years. We no longer sell MBV-based systems but continue to support customers still using them.

Some customers have noticed problems with MBV's Remote Management System (RMS), the web-based interface allowing users to view and manage ASTi devices, files, and network connections. RMS existed in the DACS days before MBV was invented, but the version of RMS that shipped with MBV was the first to include Secure HTTP (HTTPS) operation by default. All subsequent versions of RMS also use HTTPS.

ASTi uses self-signed certificates to enable HTTPS in RMS for MBV, Telestra, and Voisus systems. As a result, users’ web browsers flag our certificates as insecure. This is all explained thoroughly in Section 1.3, “Secure Connection” of the ASTi Telestra Remote Management System User Guide on the ASTi Support page. In a nutshell, we don't have the necessary end-user network configuration information to do certificates the right way.

In addition to previous warnings, our MBV customers have now started receiving notification that the HTTPS certificate has expired! We started an MBV system, pointed a web browser to its IP address, and learned that the certificates we installed on MBV systems all expired on March 31, 2016.

Now users' browsers are yelling, "Danger!" even louder. But it doesn't matter.

Why not?

The majority of web security advances and improvements protect honest users conducting honest transactions with honest institutions on the Internet (to say nothing of the bad guys). Security and encryption for online banking, shopping, registration, etc. is important to safeguard your information from others in this public venue. ASTi systems, however, usually operate on closed networks with dedicated security personnel tasked with securing them. The HTTPS functionality in RMS exists solely to provide a secure connection between authorized users and the Telestra (or Voisus) system itself. It only helps prevent unauthorized access to the ASTi system by encrypting usernames and passwords.

To reiterate the conclusion in the RMS manual: it is safe to circumvent the warnings issued by your web browser when accessing your ASTi system(s).