Initializing help system before first use

Trusting Self-Signed Certificates

You can use self-signed certificates to encrypt https communication; however these certificates are not as secure as certificates issued by a public authority and are, by default, rejected by browsers and client software such as Java.

When using a browser, if you are confident you are accessing the correct server, click to confirm you wish to proceed safely when prompted.

Java has the notion of a trust store. This trust store contains the certificates that Java should trust. The server needs to trust the worker's self-signed certificate and vice versa. Without this trust Java will refuse to communicate with the worker.

Xpress Insight has a command line option that guides you through trusting a certificate that is served from an SSL endpoint.

To Configure the Server to Trust the Worker Certificate

Complete the following steps:
  1. Start the worker, having configured it to run with SSL. For more, see Execution Worker SSL Configuration. This section assumes the worker is hosted on https://localhost:9443.
  2. Open a command prompt on the server and run the following commands to create a copy of Java's trust store:
    Windows 
    cd "\Program Files\FICO\Xpress Insight"
insight-server.bat --trust-ssl <worker-hostname>:9443
    Linux 
    /usr/bin/fico-xpress-insight-server --trust-ssl <worker-hostname>:9443
  3. The file insight-cacerts will have been created in the <SERVER_CONFIG_DIR>. For more on <SERVER_CONFIG_DIR>, see Important Note about this Guide.
  4. Restart the Xpress Insight 5 Server.

To Configure the Worker to Trust the Server Certificate

Complete the following steps:
  1. Start the server, having configured it to run with SSL. For more, see Insight Server SSL Configuration. This section assumes the server is hosted on https://localhost:8443.
  2. Open a command prompt on the worker and run the following command to create a copy of Java's trust store:
    Windows 
    cd "\Program Files\FICO\Xpress Insight"
insight-worker.bat --trust-ssl <server-hostname>:8443
    Linux 
    /usr/bin/fico-xpress-insight-worker --trust-ssl <server-hostname>:8443
  3. The file insight-cacerts will have been created in the <WORKER_CONFIG_DIR>. For more on <WORKER_CONFIG_DIR>, see Important Note about this Guide.
  4. Restart the Xpress Insight 5 worker.
Parent Topic Enabling HTTPS with Xpress Insight 5 Server