Update the Configuration File

After you have installed the website, activated the license and established a database, the next step is to update the configuration file on the web server.

From Start, search for "SEP2024 Admin" and open the admin utility. Then click Update SEP Configuration File.

IMPORTANT: Incorrect settings on either tab of this window can cause problems connecting to the database. If you encounter errors such as "There’s a problem with the page you requested" when connecting to the website or errors stating that "an error occurred during the login process" when performing admin tasks, double-check all settings on both tabs.

1 - On the Connection Tab:

• Connection Info - Enter the required details for the database that the application will connect to. If you used the admin utility to create the database, the connection information will appear in the fields automatically.

Note: If you are configuring SEP for use with an Oracle database, you must specify a valid service name. Entering an SID may result in slow performance.

Select Encrypt Connection String if you want to hide the connection string information within the web configuration file.

• User Impersonation (SQL Server) - If the database is on SQL Server, enter the credentials that SEP will use to connect. For requirements, see Establish a Service Account for the Application.

Select Encrypt Impersonation Identity if you want to hide the credentials within the web configuration file.

2 - On the Settings Tab:

• Request timeout sets how long IIS waits for a request to the application to finish processing. Typically, this will not need to be changed for an SEP implementation.
• Content-Security-Policy Header determines which types of dynamic resources are allowed to load on the site. This policy is required to detect and prevent cross-site scripting (XSS) and other code-injection attacks. Typically, it will not need to be changed; however, if you decide to modify this policy, you must include the following directives to ensure that the site functions properly:
  • ‘unsafe-inline’
  • ‘unsafe-eval’
  • img-src 'self' data:
• If a Secure Socket Layer (SSL) certificate has been implemented for SEP, select Yes for HTTP Cookies Require SSL if you also want the browser cookies to require SSL (an additional level of security).
• For a SQL Server implementation,
  1. Select Encrypt communication to encrypt the connection between the application and the database. Do not select this option if the database server does not support an encrypted connection. If you do so, you will not be able to connect to the database server and you will receive an error when trying to do so. Note that starting in Version 2024, this option is selected by default.
  2. Select Trust server certificate if the server has a self-signed certificate.

Note: To encrypt the connection for an Oracle implementation, set the encryption type to either "requested" or "required" for the Oracle database. To learn more, consult the Oracle documentation (e.g., https://docs.oracle.com/cd/B19306_01/network.102/b14268/asoconfg.htm#i1007808).