Initializing help system before first use

Insight Server SSL Configuration

You can enable HTTPS for the Xpress Insight 5 Server.

Configuration on Windows

  1. Navigate to the application.properties file and use a suitable text editor to open the file. This file is located in the <SERVER_CONFIG_DIR>.
  2. Reconfigure the server URL to reflect the switch to https.
    Note Use port 8443 for the server. 
    # The URL of the Xpress Insight user interface.
insight.server.system.url=https://localhost:8443
  3. Comment out the http server port configuration: 
    # The http port this server will bind to.
#server.port=8080
  4. Un-comment and configure the following properties, configuring the KeyStore password with the KeyStore password used to create the Server SSL Certificate KeyStore previously. 
    # Enables https connections.
server.ssl.enabled=true

# The https port this server will bind to.
server.port=8443

# The path to the keystore that contains the SSL certificate
server.ssl.key-store=config/insight-keystore

# The password to the keystore that contains the SSL certificate
server.ssl.key-store-password=<SSL Certificate KeyStore Password>

# The alias of the SSL certificate in this keystore to use
# to secure https connections
server.ssl.key-alias=insight-server-https

# TLS protocols and ciphers
server.ssl.protocol=TLS
server.ssl.enabled-protocols=TLSv1.2
server.ssl.ciphers=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  5. Save the changes and close the editor.
  6. Restart the Xpress Insight 5 Server.
  7. Open your browser with the new secure URL used in step 2. In this example, https://localhost:8443.
    Tip If you are testing with self-signed certificates, bear in mind they are sometimes rejected by certain browsers and client software such as Java.

Next, perform the steps detailed in Execution Worker SSL Configuration.

Configuration on Linux

  1. Navigate to the application.properties file and use a suitable text editor to open it. This file is located in the <SERVER_CONFIG_DIR>.
  2. Reconfigure the server URL to reflect the switch to https (server only).
    Note Use port 8443 for the server. 
    # The URL of the Xpress Insight user interface.
insight.server.system.url=https://localhost:8443
  3. Comment out the http server port configuration: 
    # The http port this server will bind to.
#server.port=8080
  4. Un-comment and configure the following properties, configuring the KeyStore password with the KeyStore password used to create the Server SSL Certificate KeyStore previously. 
    # Enable https connections.
server.ssl.enabled=true

# The https port this server will bind to.
server.port=8443

# The path to the keystore that contains the SSL certificate
server.ssl.key-store=/etc/fico-xpress-insight-server/insight-keystore

# The password to the keystore that contains the SSL certificate
server.ssl.key-store-password=<SSL Certificate KeyStore Password>

# The alias of the SSL certificate in this keystore to use
# to secure https connections
server.ssl.key-alias=insight-server-https

# TLS protocols and ciphers
server.ssl.protocol=TLS
server.ssl.enabled-protocols=TLSv1.2
server.ssl.ciphers=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  5. Save the changes and close the editor.
  6. Restart the Xpress Insight 5 Server.
  7. Open your browser with the new secure URL used in step 2. In this example, https://localhost:8443.
    Tip If you are testing with self-signed certificates, bear in mind they are sometimes rejected by certain browsers and client software such as Java.

Next, perform the steps detailed in Execution Worker SSL Configuration.

Parent Topic Enabling HTTPS with Xpress Insight 5 Server