Insight Server SSL Configuration
Configuration on Windows
- Navigate to the
application.propertiesfile and use a suitable text editor to open the file. This file is located in the <SERVER_CONFIG_DIR>. - Reconfigure the server URL to reflect the switch to https.
Note: Use port 8443 for the server.# The URL of the Xpress Insight user interface. insight.server.system.url=https://localhost:8443 - Comment out the http server port configuration:
# The http port this server will bind to. #server.port=8080 - Un-comment and configure the following properties, configuring the KeyStore password with the KeyStore password used to create the Server SSL Certificate KeyStore previously.
# Enables https connections. server.ssl.enabled=true # The https port this server will bind to. server.port=8443 # The path to the keystore that contains the SSL certificate server.ssl.key-store=config/insight-keystore # The password to the keystore that contains the SSL certificate server.ssl.key-store-password=<SSL Certificate KeyStore Password> # The alias of the SSL certificate in this keystore to use # to secure https connections server.ssl.key-alias=insight-server-https # TLS protocols and ciphers server.ssl.protocol=TLS server.ssl.enabled-protocols=TLSv1.2 server.ssl.ciphers=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - Save the changes and close the editor.
- Restart the Xpress Insight Server.
- Open your browser with the new secure URL used in step 2. In this example,
https://localhost:8443.
Tip: If you are testing with self-signed certificates, bear in mind they are sometimes rejected by certain browsers and client software such as Java.
Next, perform the steps detailed in Execution Worker SSL Configuration.
Configuration on Linux
- Navigate to the
application.propertiesfile and use a suitable text editor to open it. This file is located in the <SERVER_CONFIG_DIR>. - Reconfigure the server URL to reflect the switch to https (server only).
Note: Use port 8443 for the server.
# The URL of the Xpress Insight user interface. insight.server.system.url=https://localhost:8443 - Comment out the http server port configuration:
# The http port this server will bind to. #server.port=8080 - Un-comment and configure the following properties, configuring the KeyStore password with the KeyStore password used to create the Server SSL Certificate KeyStore previously.
# Enable https connections. server.ssl.enabled=true # The https port this server will bind to. server.port=8443 # The path to the keystore that contains the SSL certificate server.ssl.key-store=/etc/fico-xpress-insight-server/insight-keystore # The password to the keystore that contains the SSL certificate server.ssl.key-store-password=<SSL Certificate KeyStore Password> # The alias of the SSL certificate in this keystore to use # to secure https connections server.ssl.key-alias=insight-server-https # TLS protocols and ciphers server.ssl.protocol=TLS server.ssl.enabled-protocols=TLSv1.2 server.ssl.ciphers=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - Save the changes and close the editor.
- Restart the Xpress Insight Server.
- Open your browser with the new secure URL used in step 2. In this example,
https://localhost:8443.
Tip: If you are testing with self-signed certificates, bear in mind they are sometimes rejected by certain browsers and client software such as Java.
Next, perform the steps detailed in Execution Worker SSL Configuration.
© 2001-2024 Fair Isaac Corporation. All rights reserved. This documentation is the property of Fair Isaac Corporation (“FICO”). Receipt or possession of this documentation does not convey rights to disclose, reproduce, make derivative works, use, or allow others to use it except solely for internal evaluation purposes to determine whether to purchase a license to the software described in this documentation, or as otherwise set forth in a written software license agreement between you and FICO (or a FICO affiliate). Use of this documentation and the software described in it must conform strictly to the foregoing permitted uses, and no other use is permitted.