Initializing help system before first use

Create a Self-Signed KeyStore

This topic explains how to generate a KeyStore containing a new self-signed SSL certificate and private key. Self-signed certificates can be useful for evaluation environments, however they are not as secure as certificates signed by a public authority. The Insight 5 Server and each worker should have its own certificate.
Perform this process for the server and each worker.

Create a Server KeyStore with a Self-Signed Certificate

To create a self-signed X.509 SSL certificate and its key for the Insight 5 Server and add it to a KeyStore, perform the following steps:
  1. Open a Command Prompt and navigate to the OS-dependent <SERVER_CONFIG_DIR>.
  2. Enter the following command. 
    keytool -genkey -v -keystore insight-keystore 
-keyalg RSA -keysize 2048 -validity 10000 -alias insight-server-https 
-dname "cn=<server-hostname>, ou=Unknown, o=Unknown, c=Unknown" -ext "SAN=dns:<server-hostname>"
    SAN is a comma-separated list of alternate hostnames that this certificate should be applied to. Hostnames should be prefixed with dns:<hostname> while IP addresses should be prefixed with ip:<IP address>.
  3. Provide and confirm a KeyStore password.
A new file named insight-keystore is created. Next, perform the steps detailed in Insight Server SSL Configuration.

Create a Worker KeyStore with a Self-Signed Certificate

To create a KeyStore containing a X.509 SSL certificate and its key for the Insight 5 Worker and add it to a KeyStore, perform the following steps:

  1. Open a Command Prompt and navigate to the OS-dependent <WORKER_CONFIG_DIR>.
  2. Enter the following command, then respond to each of the prompts. 
    keytool -genkey -v -keystore insight-keystore 
-keyalg RSA -keysize 2048 -validity 10000 -alias insight-worker-https 
-dname "cn=<worker-hostname>, ou=Unknown, o=Unknown, c=Unknown" -ext "SAN=dns:<worker-hostname>"
    SAN is a comma-separated list of alternate hostnames that this certificate should be applied to. Hostnames should be prefixed with dns:<hostname> while IP addresses should be prefixed with ip:<IP address>.
  3. Provide and confirm a KeyStore password.
A new file named insight-keystore is created. Next, perform the steps detailed in Execution Worker SSL Configuration.
Parent Topic Enabling HTTPS with Xpress Insight Server

© 2001-2025 Fair Isaac Corporation. All rights reserved. This documentation is the property of Fair Isaac Corporation (“FICO”). Receipt or possession of this documentation does not convey rights to disclose, reproduce, make derivative works, use, or allow others to use it except solely for internal evaluation purposes to determine whether to purchase a license to the software described in this documentation, or as otherwise set forth in a written software license agreement between you and FICO (or a FICO affiliate). Use of this documentation and the software described in it must conform strictly to the foregoing permitted uses, and no other use is permitted.