Page History

Windows configuration

In Windows, SSL can be enabled using the webserver settings in the License Statistics Manager. See Using the License Statistics Manager for more information.

Image Added

Linux configuration

In Linux, SSL can be enabled through using the xflicstat.cfg file. Available settings

...

in the xflicstat.cfg file include the following.

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

Example xflicstat.cfg configuration

The configuration example below shows:

• Enabled SSL with automatic redirection from http to https.
• The certificate is stored inside keystore located at C:\Keystores\keystore.p12 under alias xflicstat. 
• The only allowed protocol is TLSv1.2. 
• Only algorithms with long keys (HIGH) with support for authentication (!aNULL) and encryption (!eNULL) are allowed, and some weaker algorithms are blocked (!EXPORT:!DES:!RC4:!MD5:!kRSA).
  
  

HTTP_SSL = TRUE
HTTP_SSL_REDIRECT = TRUE
SSL_KEYSTORE = C:\Keystores\keystore.p12
SSL_KEYSTORE_PASSWORD = Password123
SSL_KEYSTORE_KEY_ALIAS = licstatxflicstat
SSL_KEYSTORE_TYPE = PKCS12
SSL_PROTOCOLS = TLSv1.32
SSL_CIPHERS = HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA

Configuration above has enabled ssl, with automatic redirection from http to https. Certificate is stored inside keystore located at C:\Keystores\keystore.p12 under alias licstat. Type of the store is PKCS12. Only allowed protocol is TLSv1.3.  Ciphers: aNULL, eNULL, EXPORT, DES, RC4, MD5, kRSA are disabled, any cipher other than one of them, is allowed.

Frequently asked questions:

What is SSL?

SSL is a protocol of secure communication between server and client through the network.

What is TLS?

It is a newer version of SSL. See "What is SSL?". In practice SSL and TLS names are used interchangeably.

What do I gain from enabling SSL?

It ensures that data sent from application (f.e. report about license usage) and to application (f.e. login credentials) is encrypted. It also allows web browser to verify if connection is secure.

What is keystore?

It is a file secured with password that can contain one or many certificates with or without their private keys.

Which ssl protocols should I enable?

The newer, the better (currently newest is TLS v1.3). But be aware that some older browsers could not support newer protocol versions.

Which ciphers should I enable/disable?

The ones that are known to be broken should be disabled. The list changes with time, new ciphers are created, and some old ones are being broken. Most of the time defaults should be up to date.

I have a certificate file and key, how do I create keystore?

It is described in this article.

How do I migrate SSL settings from Licstat 5.x to 6.x?

In 5.x there were two files needed: certificate (defined as SSL_CERTIFICATE_FILE) and certificate private key (defined as SSL_CERTIFICATE_KEY_FILE). In 6.x both of these files must be placed into keystore. How to do it is described here: this article.

What does 'Caused by: java.lang.IllegalArgumentException: Alias name [certificate_alias] does not identify a key entry' mean in my core.log file?

It means that License Statistics could not find certificate in keystore under given alias. Make sure that alias you provided in xflicstat.cfg is same as alias of certificate in keystore.

What can be the cause of 'APPLICATION FAILED TO START' in core.log file?

...