Initializing help system before first use

Create the SSL Certificate KeyStore

This topic explains how to create a KeyStore containing your existing SSL certificate and private key. The certificate within the KeyStore is used to encrypt the SSL connection.

To create the Server KeyStore

  1. Ensure that your files for the SSL certificate certificate.pem and private key privatekey.pem are saved in the OS-dependent <SERVER_CONFIG_DIR> folder. For more on <SERVER_CONFIG_DIR>, see Important Note about this Guide.
  2. Convert the PEM files into a temporary PKCS12 KeyStore file. You will be prompted to supply a password for this new KeyStore. 
    openssl pkcs12 -export -name insight-server-https -in certificate.pem -inkey privatekey.pem -out temp-keystore.p12
  3. Convert the PKCS12 KeyStore file into a Java KeyStore file. You will be prompted to enter the password entered in the previous step, and to provide a password for the destination Java KeyStore. 
    keytool -importkeystore -destkeystore insight-keystore -srckeystore temp-keystore.p12 -srcstoretype pkcs12 -alias insight-server-https
  4. Remove the temporary PKCS12 KeyStore file temp-keystore.p12.
  5. Remove the SSL certificate certificate.pem and private key privatekey.pem, ensuring you retain a copy in a secure location for future reference.

To create the Worker KeyStore

Repeat these steps on each installed Insight Worker.
  1. Ensure that your files for the SSL certificate certificate.pem and private key privatekey.pem are saved in the appropriate OS-dependent <WORKER_CONFIG_DIR> folder. For more on <WORKER_CONFIG_DIR>, see Important Note about this Guide.
  2. Convert the PEM files into a temporary PKCS12 KeyStore file. You will be prompted to supply a password for this new KeyStore. 
    openssl pkcs12 -export -name insight-worker-https -in certificate.pem -inkey privatekey.pem -out temp-keystore.p12
  3. Convert the PKCS12 KeyStore file into a Java KeyStore file. You will be prompted to enter the password entered in the previous step, and to provide a password for the destination Java KeyStore. 
    keytool -importkeystore -destkeystore insight-keystore -srckeystore temp-keystore.p12 -srcstoretype pkcs12 -alias insight-worker-https
  4. Remove the temporary PKCS12 KeyStore file temp-keystore.p12.
  5. Remove the SSL certificate certificate.pem and private key privatekey.pem, ensuring you retain a copy in a secure location for future reference.
Parent Topic Enabling HTTPS with Xpress Insight Server

© 2001-2024 Fair Isaac Corporation. All rights reserved. This documentation is the property of Fair Isaac Corporation (“FICO”). Receipt or possession of this documentation does not convey rights to disclose, reproduce, make derivative works, use, or allow others to use it except solely for internal evaluation purposes to determine whether to purchase a license to the software described in this documentation, or as otherwise set forth in a written software license agreement between you and FICO (or a FICO affiliate). Use of this documentation and the software described in it must conform strictly to the foregoing permitted uses, and no other use is permitted.