Before deploying the integration to a Production environment, take additional steps to ensure the security of your data.
Before starting this section, you should complete the previous steps in this chapter.
The instructions in this chapter set up the integration between Insight and Decision Central using the default database credentials and HTTP for communications. This is a convenient starting point for evaluations, local development and basic integration testing.
However, it is strongly recommended that the installation is secured before being used operationally with real data.
Changing the Default PostgreSQL Database Password
- To change the password for the Xpress Insight user, start the PostgreSQL database console by opening a command window and entering the following:
%XPRESSDIR%\insight\db\pgsql\bin\psql insightdb postgres
- Enter the command ALTER ROLE to change the password.
For example, to set the password to ficoxpress enter:
ALTER ROLE insight WITH PASSWORD 'ficoxpress';
- Exit the PostgreSQL database console. Enter the following in the command window:
Secure Decision Central using https
- Open the Decision Central Planning Install and Maintenance Guide that was provided with the Decision Central installation files. In Chapter 3, Installing Decision Central for the First Time, refer to step 4 - Edit the Environment File.
- Update the following environment variables in the DECISION_CENTRAL_ENV.bat (Windows) or DECISION_CENTRAL_ENV.sh (Linux) file.
DC_CONFIG_PUBLIC_ASSET_URI=https://localhost:8444
DC_CONFIG_TOMCAT_SERVER_HTTPS_PORT=8444
- Restart Decision Central.
Enable https for Decision Central
To enable Decision Central and Xpress Insight to communicate securely using SSL, use the keystore and trust store you created when each installation was configured to use SSL.
There are two tasks that must be completed to enable Xpress Insight to utilize https to access Decision Central running on a different machine.
- To enable https on the Xpress Insight Server you must generate a keystore and use it to replace the Decision Central keystore located in <dc_installation_directory>\components\tomcat\conf. For more information, see Generating a Custom KeystoreFile in Appendix D of the Decision Central Planning Install and Maintenance Guide. Use the following command to generate the keystore using the domain name that hosts Decision Central.
%JAVA_HOME%/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore /path/to/my/keystore
- Xpress Insight requires knowledge of the SSL certificate used. Add the Decision Central (self-signed or Trusted Authority) certificate to the Xpress Insight Java Virtual Machine (JVM). You can download the certificate directly from Chrome in .cer format and import it into the Xpress JVM using the following command:
keytool -importcert -file PATH_TO_THE_CERTIFICATE_CER_FILE.cer -alias ALIAS_NAME -keystore XPRESS_JAVA_HOME\lib\security\cacerts
Changing the Default Decision Central Content Database Password
By default, the connection uses the username nuxeo and password nuxeo. You may want to change this password as an additional security measure.
- To change the password for the Decision Central user, start the PostgreSQL database console by opening a command window and entering the following command:
%XPRESSDIR%\insight\db\pgsql\bin\psql nuxeo postgres
- Enter the command ALTER ROLE to change the password.
For example, to set the password to newPassword enter:
ALTER ROLE nuxeo WITH PASSWORD 'newPassword';
- Exit the PostgreSQL database console. Enter the following in the command window:
- Navigate to the directory in which Decision Central is installed and edit the file DECISION_CENTRAL_ENV.bat (Windows) or DECISION_CENTRAL_ENV.sh (Linux) in the {install_dir}/conf folder. Update the following variable:
DC_CONFIG_NUXEO_DB_PASSWORD=newPassword
- Restart Decision Central.
Changing the Default Decision Central Workflow Database Password
By default, the connection uses the username workflow and password workflow. You may want to change this password as an additional security measure.
- To change the password for the Decision Central workflow user, start the PostgreSQL database console by opening a command window and entering the following command:
%XPRESSDIR%\insight\db\pgsql\bin\psql workflow postgres
- Enter the command ALTER ROLE to change the password.
For example, to set the password to newPassword enter:
ALTER ROLE workflow WITH PASSWORD 'newPassword';
- Exit the PostgreSQL database console. Enter the following in the command window:
- Navigate to the directory in which Decision Central is installed and edit the file DECISION_CENTRAL_ENV.bat (Windows) or DECISION_CENTRAL_ENV.sh (Linux) in the {install_dir}/conf folder. Update the following variable:
DC_CONFIG_DB_ACTIVITI_PASSWORD=newPassword
- Restart Decision Central.
Encrypting the Decision Central Database Password
To encrypt the database user password, use the Encrypt Password utility.
- Select the password you wish to encrypt.
- Open a command window and run the following command appropriate to your operating system:
Windows
encrypt_password.bat yourSelectedPlainTextPassword
Linux
encrypt_password.sh yourSelectedPlainTextPassword
- Copy the returned string to the clipboard.
- Navigate to the directory in which Decision Central is installed and edit the file DECISION_CENTRAL_ENV.bat (Windows) or DECISION_CENTRAL_ENV.sh (Linux) in the {install_dir}/conf folder. Update the appropriate variable.
For example, to update the activiti password:
DC_CONFIG_DB_ACTIVITI_PASSWORD={pastedEncryptedPassword}
- Restart Decision Central.
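The settings changed in this chapter can be checked before go-live. The following Python script is an added example, not part of the FICO documentation or tooling: it scans the contents of a DECISION_CENTRAL_ENV file for the default and sample passwords named above and for a public asset URI that is not https or whose port disagrees with the configured https port. The set/export line syntax is an assumption about the file's format, and the sample input is constructed.

```python
import re

# Defaults and documentation sample passwords named on this page.
KNOWN_WEAK = {"nuxeo", "workflow", "ficoxpress", "newPassword"}
PASSWORD_VARS = ("DC_CONFIG_NUXEO_DB_PASSWORD", "DC_CONFIG_DB_ACTIVITI_PASSWORD")
URI_VAR = "DC_CONFIG_PUBLIC_ASSET_URI"
PORT_VAR = "DC_CONFIG_TOMCAT_SERVER_HTTPS_PORT"

# Assumed syntax: optional "set"/"export", then NAME=value, optionally quoted.
ASSIGN = re.compile(r'^\s*(?:set\s+|export\s+)?"?([A-Za-z_]\w*)=(.*?)"?\s*$', re.I)
COMMENT = re.compile(r'^\s*(?:rem\b|::|#)', re.I)

def parse_env(text):
    """Return {name: value} for assignment lines, skipping REM, :: and # comments."""
    values = {}
    for line in text.splitlines():
        m = None if COMMENT.match(line) else ASSIGN.match(line)
        if m:
            values[m.group(1)] = m.group(2).strip("\"'")
    return values

def audit(text):
    """Return findings for the file contents; password values are never echoed."""
    env, findings = parse_env(text), []
    for var in PASSWORD_VARS:
        if var not in env:
            findings.append(f"{var}: not set, default credentials may still apply")
        elif env[var] in KNOWN_WEAK:
            findings.append(f"{var}: default or documentation sample password")
    uri, port = env.get(URI_VAR, ""), env.get(PORT_VAR)
    m = re.match(r"https://[^/:]+:(\d+)", uri, re.I)
    if not uri.lower().startswith("https://"):
        findings.append(f"{URI_VAR}: not an https URI")
    elif m and port and m.group(1) != port:
        findings.append(f"{URI_VAR}: port {m.group(1)} differs from {PORT_VAR}={port}")
    return findings

# Constructed sample input, not a real configuration file.
SAMPLE = """\
REM constructed sample
set DC_CONFIG_PUBLIC_ASSET_URI=http://localhost:8080
set DC_CONFIG_TOMCAT_SERVER_HTTPS_PORT=8444
set DC_CONFIG_NUXEO_DB_PASSWORD=nuxeo
set DC_CONFIG_DB_ACTIVITI_PASSWORD=newPassword
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A value produced by the Encrypt Password utility does not match any listed sample, so it passes the password check; the script does not attempt to judge password strength.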
© 2001-2021 Fair Isaac Corporation. All rights reserved. This documentation is the
property of Fair Isaac Corporation (“FICO”). Receipt or possession of this documentation does not
convey rights to disclose, reproduce, make derivative works, use, or allow others to use it except
solely for internal evaluation purposes to determine whether to purchase a license to the software
described in this documentation, or as otherwise set forth in a written software license agreement
between you and FICO (or a FICO affiliate). Use of this documentation and the software described in
it must conform strictly to the foregoing permitted uses, and no other use is permitted.