Execution Worker SSL Configuration
You can enable HTTPS for the Xpress Insight worker.
|
Important: This procedure is necessary only if the server and worker are installed on separate machines. If the server and worker are on the same machine, only the server needs to be configured for SSL.
|
Configuration on Windows
- Navigate to the
application.propertiesfile and use a suitable text editor to open it. This file is located in the <WORKER_CONFIG_DIR> folder. - Comment out the http server port configuration:
# The http port this server will bind to. #server.port=9080 - Un-comment and configure the following properties, configuring the KeyStore password with the KeyStore password previously used to create the Worker SSL Certificate KeyStore.
Note: Use port 9443 for the worker.# Enables https connections. server.ssl.enabled=true # The https port this worker will bind to. server.port=9443 # The path to the keystore that contains the SSL certificate server.ssl.key-store=config/insight-keystore # The password to the keystore that contains the SSL certificate server.ssl.key-store-password=<SSL Certificate KeyStore Password> # The alias of the SSL certificate in this keystore to use to secure https connections server.ssl.key-alias=insight-worker-https # TLS protocols and ciphers server.ssl.protocol=TLS server.ssl.enabled-protocols=TLSv1.2 server.ssl.ciphers=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - Save the changes and close the editor.
- Restart the Xpress Insight Worker.
- Open
https://<worker-hostname>:9443/worker/rest/alivein your browser.
Tip: If you are testing with self-signed certificates, bear in mind they are sometimes rejected by certain browsers and client software such as Java. - Your browser will display "1".
Repeat this process for all Workers, then perform the steps detailed in Trusting Self Signed Certificates.
Configuration on Linux
- Navigate to the
application.propertiesfile and use a suitable text editor to open it. This file is located in the <WORKER_CONFIG_DIR> folder. - Comment out the http server port configuration:
# The http port this server will bind to. #server.port=9080 - Un-comment and configure the following properties, configuring the KeyStore password with the KeyStore password previously used to create the Worker SSL Certificate KeyStore.
Note: Use port 9443 for the worker.
# Enables https connections. server.ssl.enabled=true # The https port this server will bind to. server.port=9443 # The path to the keystore that contains the SSL certificate server.ssl.key-store=/etc/fico-xpress-insight-worker/insight-keystore # The password to the keystore that contains the SSL certificate server.ssl.key-store-password=<SSL Certificate KeyStore Password> # The alias of the SSL certificate in this keystore to use to secure https connections server.ssl.key-alias=insight-worker-https # TLS protocols and ciphers server.ssl.protocol=TLS server.ssl.enabled-protocols=TLSv1.2 server.ssl.ciphers=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - Save the changes and close the editor.
- Restart the Xpress Insight Worker.
- Open
https://<worker-hostname>:9443/worker/rest/alivein your browser.
Tip: If you are testing with self-signed certificates, bear in mind they are sometimes rejected by certain browsers and client software such as Java. - Your browser will display "1".
Repeat this process for all Workers, then perform the steps detailed in Trusting Self Signed Certificates.
© 2001-2025 Fair Isaac Corporation. All rights reserved. This documentation is the property of Fair Isaac Corporation (“FICO”). Receipt or possession of this documentation does not convey rights to disclose, reproduce, make derivative works, use, or allow others to use it except solely for internal evaluation purposes to determine whether to purchase a license to the software described in this documentation, or as otherwise set forth in a written software license agreement between you and FICO (or a FICO affiliate). Use of this documentation and the software described in it must conform strictly to the foregoing permitted uses, and no other use is permitted.