Instructions

You can enable HTTPS with Xpress Insight Server.
  1. Ensure that your SSL certificate (certificate.pem) and private key (privatekey.pem) files are saved in the <INSIGHT_HOME>\server\wildfly-15.0.1.Final\standalone\configuration directory.
  2. Convert the PEM files into a PKCS12 key store, which the next step converts into a Java-format keystore. You will be prompted to provide a password; note it for the following steps. For example:
    openssl pkcs12 -export -name host.company.com -in certificate.pem -inkey privatekey.pem -out xpress-insight.p12
  3. Convert the PKCS12 file into a Java Key Store file. You will be prompted to enter the password from the previous step and to provide a password for the destination keystore. Note this password as well:
    keytool -importkeystore -destkeystore xpress-insight.jks -srckeystore xpress-insight.p12 -srcstoretype pkcs12 -alias host.company.com
  4. Ensure the Insight Server is not running.
  5. Save a backup of standalone.xml.
  6. Open <INSIGHT_HOME>\server\wildfly-15.0.1.Final\standalone\configuration\standalone.xml.
  7. Find the <subsystem xmlns="urn:wildfly:elytron:...> section that contains the tags <providers> and <audit-logging>, and add this example code, including the passwords set in the previous steps.
    <tls>
      <key-stores>
        <key-store name="InsightKeystore">
          <credential-reference clear-text="[keystore_password]"/>
          <implementation type="JKS"/>
          <file path="xpress-insight.jks" relative-to="jboss.server.config.dir"/>
        </key-store>
      </key-stores>
      <key-managers>
        <key-manager name="InsightKeyManager" key-store="InsightKeystore">
          <credential-reference clear-text="[keystore_password]"/>
        </key-manager>
      </key-managers>
      <server-ssl-contexts>
        <server-ssl-context name="InsightSslContext" key-manager="InsightKeyManager" protocols="TLSv1.2"/>
      </server-ssl-contexts>
    </tls>
    Note: If the passwords provided in this step are wrong, the server logs an error (java.security.UnrecoverableKeyException). To avoid using a plain text password within the credential-reference, configure the Credential Store and refer to the credentials by their aliases, for example:
    <credential-reference store="store-name" alias="password-alias"/>
    For more on configuring the credential store, see Using the Credential Store to Store Passwords.
  8. Locate the <http-listener> and add an additional listener line underneath, for example:
    <https-listener name="https" socket-binding="https" max-post-size="536870912" ssl-context="InsightSslContext" enable-http2="true"/>
  9. Configure the session cookie to only be transmitted over a secure connection. Amend the existing session-cookie configuration in standalone.xml and change secure from false to true:
    <session-cookie name="OMSID" http-only="true" secure="true"/>
  10. Start up the Xpress Insight Server. Navigate to https://host.company.com:8443/insight and log on as normal.
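
A read-only check of the edits made in steps 7 to 9, as an added example that is not part of the product documentation: it parses standalone.xml content and reports broken name references, clear-text passwords, unpinned or legacy protocols, and a session cookie that is not marked secure. The function name, the finding texts and the constructed sample (the snippets above in credential-store form, trimmed and wrapped in a made-up `<server>` root) are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

LEGACY = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}
# (element, attribute, element it must name) for the chain built in steps 7 and 8
REFS = [("key-manager", "key-store", "key-store"),
        ("server-ssl-context", "key-manager", "key-manager"),
        ("https-listener", "ssl-context", "server-ssl-context")]

def audit_standalone(xml_text):
    """Return findings for the TLS settings made in steps 7 to 9."""
    found = {}
    for el in ET.fromstring(xml_text).iter():
        # Drop the namespace so any subsystem schema version matches.
        found.setdefault(el.tag.rsplit("}", 1)[-1], []).append(el)
    findings = []
    for tag, attr, target in REFS:
        defined = {e.get("name") for e in found.get(target, [])}
        for el in found.get(tag, []):
            if el.get(attr) not in defined:
                findings.append(f"{tag} {el.get('name')}: {attr} is not defined")
    if not found.get("https-listener"):
        findings.append("no https-listener")
    for cred in found.get("credential-reference", []):
        if "clear-text" in cred.attrib:
            findings.append("credential-reference holds a clear-text password")
    for ctx in found.get("server-ssl-context", []):
        protocols = set((ctx.get("protocols") or "").split())
        if not protocols or protocols & LEGACY:
            findings.append(f"server-ssl-context {ctx.get('name')}: protocols not TLSv1.2+")
    for cookie in found.get("session-cookie", []):
        if cookie.get("secure") != "true":
            findings.append(f"session-cookie {cookie.get('name')}: secure is not true")
    return findings

# Constructed sample (not a complete standalone.xml); step 9 has not been applied yet.
SAMPLE = """<server><tls>
  <key-stores><key-store name="InsightKeystore">
    <credential-reference store="store-name" alias="password-alias"/>
  </key-store></key-stores>
  <key-managers><key-manager name="InsightKeyManager" key-store="InsightKeystore">
    <credential-reference store="store-name" alias="password-alias"/>
  </key-manager></key-managers>
  <server-ssl-contexts><server-ssl-context name="InsightSslContext"
    key-manager="InsightKeyManager" protocols="TLSv1.2"/></server-ssl-contexts>
</tls><https-listener name="https" socket-binding="https" ssl-context="InsightSslContext"/>
<session-cookie name="OMSID" http-only="true" secure="false"/></server>"""

if __name__ == "__main__":
    print(*audit_standalone(SAMPLE), sep="\n")
```

To check a real file, pass the text of standalone.xml to `audit_standalone`; an empty list means none of these checks fired.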