# Console Settings The Hermes SEG **Console Settings** sets the method you wish to access Hermes SEG machine which includes the Admin Console, User Console and the Ciphermail Console. By default, the **Console Mode** is set to **IP Address**, however, an IP address is not contusive to using SSL certificates. Therefore, if you plan to use a SSL certificate to access the Hermes SEG machine, you must set the Console Mode to **Host Name**. The Host Name you set it does NOT necessarily have to the the same **Host Name** you set in **Network Settings** above. The **Host Name** and **Primary Domain Name** you set in the Network settings is used for SMTP transactions such as SMTP TLS and it's not related to Hermes SEG console access. - Set the **Console Mode drop-down to **Host Name** and in the resultant **Host Name** field that appears, fill in the desired host anem you wish to use (**Figure 1**): **Figure 1** [![image-1642868434350.png](https://docs.deeztek.com/uploads/images/gallery/2022-01/scaled-1680-/image-1642868434350.png)](https://docs.deeztek.com/uploads/images/gallery/2022-01/image-1642868434350.png) - The **Console Certificate** field is pre-populated with the **system-self-signed** certificate. If you wish to use a SSL certificate you set in the **Set System Certificates** section above, simply delete the **system-self-signed** entry and start typing the friendly name of the certificate you setup previously that matches the host name. The system will locate the certificate and display it in a drop-down list. Click on the certificate and the system will automatically populate all the rest of the Certificate fields such as the Subject, Issuer, Serial and Type (**Figure 2**): **Figure 2** [![image-1642948341819.png](https://docs.deeztek.com/uploads/images/gallery/2022-01/scaled-1680-/image-1642948341819.png)](https://docs.deeztek.com/uploads/images/gallery/2022-01/image-1642948341819.png) - We highly recommend that you enable **HTTP Strict Transport Security (HSTS)**, **Online Certificate Status Protocol (OCSP) Stapling, Online Certficiate Status Protocol (OCSP) Stapling Verify** and click the **Submit** button (**Figure 3**): **Figure 3** [![image-1642948755741.png](https://docs.deeztek.com/uploads/images/gallery/2022-01/scaled-1680-/image-1642948755741.png)](https://docs.deeztek.com/uploads/images/gallery/2022-01/image-1642948755741.png)

After clicking the **Submit** button and you changed the Console Mode from IP Address to Host Name, your browser will **NOT** automatically redirect you to the new console address. Ensure you enter the new address in your browser as **[https://<HOST\_NAME>/admin/](https:///admin/)** where **<HOST-NAME>** is the new Host Name you set above.

- Additionally, we recommend that you generate a **DH (Diffie-Hellman) Parameters** file by clicking the **Generate DH Parameters File** button and on the resultant **Generate Diffie-Hellman (DH) Parameters File** confirmation window, click on **Yes** (**Figure 4**): **Figure 4** [![image-1642949292124.png](https://docs.deeztek.com/uploads/images/gallery/2022-01/scaled-1680-/image-1642949292124.png)](https://docs.deeztek.com/uploads/images/gallery/2022-01/image-1642949292124.png) - Generating a DH Parameters file can take a very long time to complete (~40 minutes on 1-CPU systems). You can proceed to configure the rest of your system (**DO NOT reboot the system while it's generate a DH Parameters file**) and check back under **System --> Console Settings** to see if a new **Diffie-Hellman (DH) key-exchange** drop-down appears set it to **Enable** and click the **Submit** button below (**Figure 5**). **Figure 5** [![image-1642950621363.png](https://docs.deeztek.com/uploads/images/gallery/2022-01/scaled-1680-/image-1642950621363.png)](https://docs.deeztek.com/uploads/images/gallery/2022-01/image-1642950621363.png) If you follow the above recommendations, you should be able to achive an **A+ rating** on the [Qualys SSL Labs SSL Server Test](https://www.ssllabs.com/ssltest/) (**Figure 6**): **Figure 6** [![image-1642950749753.png](https://docs.deeztek.com/uploads/images/gallery/2022-01/scaled-1680-/image-1642950749753.png)](https://docs.deeztek.com/uploads/images/gallery/2022-01/image-1642950749753.png)