Execution Worker SSL Configuration
You can enable HTTPS for the Xpress Insight 5 Worker.
Configuration on Windows
- Navigate to the application.properties file and use a suitable text editor to open it. This file is located in the <WORKER_CONFIG_DIR> folder.
- Comment out the http server port configuration:
# The http port this server will bind to. #server.port=9080
- Un-comment and configure the following properties, configuring the KeyStore password with the KeyStore password previously used to create the Worker SSL Certificate KeyStore.
Note Use port 9443 for the worker.# Enables https connections. server.ssl.enabled=true # The https port this worker will bind to. server.port=9443 # The path to the keystore that contains the SSL certificate server.ssl.key-store=config/insight-keystore # The password to the keystore that contains the SSL certificate server.ssl.key-store-password=<SSL Certificate KeyStore Password> # The alias of the SSL certificate in this keystore to use to secure https connections server.ssl.key-alias=insight-worker-https # TLS protocols and ciphers server.ssl.protocol=TLS server.ssl.enabled-protocols=TLSv1.2 server.ssl.ciphers=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- Save the changes and close the editor.
- Restart the Xpress Insight 5 Worker.
- Open https://<worker-hostname>:9443/worker/rest/alive in your browser.
Tip If you are testing with self-signed certificates, bear in mind they are sometimes rejected by certain browsers and client software such as Java. - Your browser will display "1".
Repeat this process for all Workers, then perform the steps detailed in Trusting Self Signed Certificates.
Configuration on Linux
- Navigate to the application.properties file and use a suitable text editor to open it. This file is located in the <WORKER_CONFIG_DIR> folder.
- Comment out the http server port configuration:
# The http port this server will bind to. #server.port=9080
- Un-comment and configure the following properties, configuring the KeyStore password with the KeyStore password previously used to create the Worker SSL Certificate KeyStore.
Note Use port 9443 for the worker.
# Enables https connections. server.ssl.enabled=true # The https port this server will bind to. server.port=9443 # The path to the keystore that contains the SSL certificate server.ssl.key-store=/etc/fico-xpress-insight-worker/insight-keystore # The password to the keystore that contains the SSL certificate server.ssl.key-store-password=<SSL Certificate KeyStore Password> # The alias of the SSL certificate in this keystore to use to secure https connections server.ssl.key-alias=insight-worker-https # TLS protocols and ciphers server.ssl.protocol=TLS server.ssl.enabled-protocols=TLSv1.2 server.ssl.ciphers=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- Save the changes and close the editor.
- Restart the Xpress Insight 5 Worker.
- Open https://<worker-hostname>:9443/worker/rest/alive in your browser.
Tip If you are testing with self-signed certificates, bear in mind they are sometimes rejected by certain browsers and client software such as Java.
- Your browser will display "1".
Repeat this process for all Workers, then perform the steps detailed in Trusting Self Signed Certificates.