Initializing help system before first use

Enabling HTTPS with Xpress Insight Server

After enabling HTTPS with Xpress Insight Server, you can customize the HTTPS port.
There are some prerequisites for this task.
  • Either:
    • An X.509 SSL certificate (and intermediate chain) in PEM format for the fully qualified domain name of server where Xpress Insight Server is installed (for example, host.company.com , or wildcard *.company.com) .
    • OpenSSL installed (or other tool able to convert PEM to PKCS12 files)
    • Private key for the SSL certificate, also in PEM format
  • A Java KeyStore containing an X.509 SSL certificate and its key. For more, see Create the SSL Certificate KeyStore.
Tip: For testing purposes, a self-signed KeyStore can be created. For more, see Create a Self-Signed Keystore.

These instructions are OS agnostic—The same instructions work for both Windows and Linux.

To enable https on the Xpress Insight Server:

  1. Configure the Xpress Insight Server to use SSL. For more, see Insight Server SSL Configuration.
  2. Configure the Xpress Insight Workers to use SSL. For more, see Execution Worker SSL Configuration.
  3. Ensure the server and workers trust their certificates. For more, see Trusting Self-Signed Certificates.
  4. For additional security, encrypt the configuration files. For more, see the following sections:
When HTTPS is enabled, Xpress Insight will use HTTP/2 over TLS (which we recommend for the best performance). Without HTTPS, Insight will fall back to h2c (HTTP/2 over TCP) for communication between the server and worker, and HTTP/1 between the server and browser. If these cause problems on your infrastructure, you can configure Insight to use HTTP/1 instead.
  1. Navigate to the application.properties files and use a suitable text editor to open them. These files are located in the <WORKER_CONFIG_DIR> and <SERVER_CONFIG_DIR>, see Important Note about this Guide. You need to edit both of them.
  2. Uncomment the server.http2.enabled line in the HTTP/2 configuration section: 
    ## If you have problems with h2 or h2c, fall back to HTTP/1 by uncommenting the line below.
server.http2.enabled=false
Covered Topics
  • Configuring a Secure Connection
    The connection between Xpress Insight 5 and MySQL should be secured by enabling an SSL connection.
  • Create the SSL Certificate KeyStore
    This topic explains how to create a KeyStore containing your existing SSL certificate and private key. The certificate within the KeyStore is used to encrypt the SSL connection.
  • Create a Self-Signed KeyStore
    This topic explains how to generate a KeyStore containing a new self-signed SSL certificate and private key. Self-signed certificates can be useful for evaluation environments, however they are not as secure as certificates signed by a public authority. The Insight 5 Server and each worker should have its own certificate.
  • Insight Server SSL Configuration
    You can enable HTTPS for the Xpress Insight Server.
  • Execution Worker SSL Configuration
    You can enable HTTPS for the Xpress Insight worker.
  • Trusting Self-Signed Certificates
    You can use self-signed certificates to encrypt https communication; however these certificates are not as secure as certificates issued by a public authority and are, by default, rejected by browsers and client software such as Java.
Parent Topic Securing Xpress Insight

© 2001-2024 Fair Isaac Corporation. All rights reserved. This documentation is the property of Fair Isaac Corporation (“FICO”). Receipt or possession of this documentation does not convey rights to disclose, reproduce, make derivative works, use, or allow others to use it except solely for internal evaluation purposes to determine whether to purchase a license to the software described in this documentation, or as otherwise set forth in a written software license agreement between you and FICO (or a FICO affiliate). Use of this documentation and the software described in it must conform strictly to the foregoing permitted uses, and no other use is permitted.