Initializing help system before first use

Trusting Self-signed Certificates

You can use self-signed certificates locally to authorize access to https URLs.

Both Google Chrome and JAVA do not trust self-signed certificates. For Chrome, click to confirm you wish to proceed safely when prompted.

Java has the notion of a trust store. This trust store contains the certificates that Java should trust. The server needs to trust the worker's self-signed certificate and vice versa. Without this trust Java will refuse to communicate with the worker.

Xpress Insight has a command line option that guides you through trusting a certificate that is served from an SSL endpoint.

To configure the server to trust the worker's certificate do the following:
  1. Start the worker, having configured it to run with SSL. For more, see Worker SSL Configuration. This section assumes the worker is hosted on https://localhost:9443.
  2. Run the following command: 
    ./insight-server.sh --trust-ssl localhost:9443

    The command will create a copy of Java's trust store into config/insight-cacerts.

    You will be prompted for the default trust store's password. On installation, Amazon Corretto configures this as changeit.
  3. The command will then query the certificates served by SSL endpoint and ask you which untrusted certificates it should trust.
    • Verify the certificate is the one you expect.
    • Enter the certificate number and click Enter.

      The worker's certificate will now have been added to config/insight-cacerts.

  4. Restart the Insight server.
  5. Ensure the worker is configured to trust the server's certificate. For more, see Worker SSL Configuration.
  6. Repeat this for any other Workers.
Parent Topic Enabling HTTPS with Xpress Insight 5 Server

© 2001-2020 Fair Isaac Corporation. All rights reserved. This documentation is the property of Fair Isaac Corporation (“FICO”). Receipt or possession of this documentation does not convey rights to disclose, reproduce, make derivative works, use, or allow others to use it except solely for internal evaluation purposes to determine whether to purchase a license to the software described in this documentation, or as otherwise set forth in a written software license agreement between you and FICO (or a FICO affiliate). Use of this documentation and the software described in it must conform strictly to the foregoing permitted uses, and no other use is permitted.