|The information on this page refers to License Statistics v6.6 or newer, which introduced the License Statistics Manager to replace direct editing of the xflicstat.cfg configuration file (Windows only). If you are using an earlier version of License Statistics, please refer to the documentation for releases prior to v6.6.|
In Linux, SSL can be enabled using the xflicstat.cfg file. Available settings in the xflicstat.cfg file include the following.
|HTTP_SSL||FALSE||May be set to TRUE or FALSE. To enable SSL, set it to TRUE.|
|HTTP_SSL_REDIRECT||FALSE||May be set to TRUE or FALSE. Set the value to TRUE to enable automatic redirection from http to https.|
|SSL_KEYSTORE||empty||Path to keystore with loaded certificate and its private key.|
|SSL_KEYSTORE_PASSWORD||empty||Password to keystore.|
|SSL_KEYSTORE_KEY_ALIAS||xflicstat||Key under which certificate is stored inside keystore.|
|SSL_PROTOCOLS||TLSv1.1,TLSv1.2,TLSv1.3||Defines which SSL/TLS protocols are enabled.|
|SSL_CIPHERS||HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA||List of enabled/disabled ciphers.|
Every key should either be commented out or non-empty. Commented-out settings contain the default value.
Example xflicstat.cfg configuration
The configuration example below shows:
- Enabled SSL with automatic redirection from http to https.
- The certificate is stored inside keystore located at C:\Keystores\keystore.p12 under alias xflicstat.
- The only allowed protocol is TLSv1.2.
- Only algorithms with long keys (HIGH) with support for authentication (!aNULL) and encryption (!eNULL) are allowed, and some weaker algorithms are blocked (!EXPORT:!DES:!RC4:!MD5:!kRSA).