SSL Certificates for the Web Server

Secure Web Viewer Access in Local Networks

When accessing the Web Viewer through HTTPS, modern browsers require the server to present a trusted SSL certificate that matches the hostname used in the URL.

The built-in Grid Studio Web Server uses a self-signed certificate intended for local testing. Because this certificate is not issued by a public certificate authority and is typically only valid for localhost, browsers may show warnings such as:

NET::ERR_CERT_COMMON_NAME_INVALID

or

Your connection is not private

This behavior is not specific to Grid Studio. It is a standard browser security mechanism designed to prevent malicious websites from impersonating trusted servers.

When running web services inside a local network without a public domain, additional configuration is required to allow browsers to trust the connection.

The recommended solution is to use a reverse proxy with a local certificate authority.

---

Overview of the Solution

The setup consists of three components:

1. A local hostname for the Grid Studio server

2. A reverse proxy that provides HTTPS

3. Installing the local certificate authority on client machines

Architecture:

1

Browser

2

HTTPS

3

Reverse Proxy

4

HTTP / HTTPS

5

Grid Studio Web Server

Step 1 — Configure a Local Hostname

Instead of accessing the server via an IP address, a hostname must be used.

Example:

gridstudio.local

Configure your router or local DNS server so that the hostname resolves to the Grid Studio machine.

Example DNS entry:

gridstudio.local → 192.168.1.8

After configuring DNS, verify the connection from another computer:

ping gridstudio.local

Expected result:

Pinging gridstudio.local [192.168.1.8]

---

Step 2 — Install the Reverse Proxy (Caddy)

Alternative Reverse Proxy Solutions

While this guide demonstrates the setup using Caddy, other reverse proxy solutions can be used as well. Any reverse proxy capable of handling HTTPS and forwarding requests to the Grid Studio Web Server can be used in a similar way.

Common alternatives include:

• Nginx – widely used web server and reverse proxy

• Apache HTTP Server – often used in traditional web server environments

• Traefik – modern reverse proxy commonly used in container environments

• HAProxy – high-performance load balancer and proxy

These solutions can provide the same functionality by terminating HTTPS connections with a trusted certificate and forwarding traffic to the Grid Studio Web Server running on port 8088.

The exact configuration depends on the chosen proxy software and the network environment.

Download Caddy from:

https://caddyserver.com/download

For most systems select:

Windows AMD64

Extract the archive and place the executable in a folder such as:

C:\Caddy\

Example:

C:\Caddy\caddy.exe

---

Step 3 — Create the Caddy Configuration

Create a file called:

Caddyfile

Place it in the same folder as caddy.exe.

Example directory:

C:\Caddy\caddy.exe
C:\Caddy\Caddyfile

Example configuration:

Open Notepad or other text editors to write the file

gridstudio.local {
    reverse_proxy localhost:8088
}

Make sure, that the file called Caddyfile and not Caddyfile.txt

This configuration tells Caddy to:

• listen for HTTPS requests on gridstudio.local • forward all traffic to the Grid Studio Web Server

---

Step 4 — Start the Reverse Proxy

Open Command Prompt as Admin and run:

cd /d C:\Caddy
caddy.exe trust

Close and reopen Command Prompt and run:

C:\Caddy\Caddy.exe run --config C:\Caddy\Caddyfile

Caddy is a command line application, so it must be started from a terminal window.

When started successfully, Caddy will:

• create a local certificate authority • generate a trusted certificate for gridstudio.local • start the reverse proxy server

---

Step 5 — Trust the Local Certificate Authority

The first time Caddy runs, it creates a local root certificate.

Location:

C:\Users\<user>\AppData\Roaming\Caddy\pki\authorities\local\root.crt

This certificate must be installed on client machines so that browsers trust the HTTPS connection.

---

Step 6 — Install the Certificate on Client Machines

On each client computer:

1. Press Win + R

certlm.msc

1. Navigate to:

Trusted Root Certification Authorities

1. Right-click Certificates

All Tasks → Import

1. Select the file:

root.crt

1. Install it into:

Trusted Root Certification Authorities

1. Finish the wizard.

After installation, restart the browser.

---

Step 7 — Access the Web Viewer

The Web Viewer can now be opened using:

https://gridstudio.local/player/Web%20Grid%20Viewer

Because the certificate is now trusted, browsers will no longer display security warnings.

---

Notes

• The certificate only needs to be installed once per device • All devices accessing the Web Viewer must trust the same certificate • The reverse proxy must remain running while the Web Viewer is in use

---

Why This Setup Is Necessary

Modern browsers enforce strict HTTPS security rules. When running web servers inside private networks without public domains, there is no publicly trusted certificate authority available by default.

Using a local certificate authority and reverse proxy is a common and recommended solution used in many internal systems and development environments.

This configuration ensures:

• secure HTTPS connections • trusted certificates • access from multiple devices • compatibility with modern browser security requirements