SSL can be enabled through xflicstat.cfg file.
Available settings:
HTTP_SSL - TRUE or FALSE. To enable SSL set it to TRUE. Default FALSE.
...
SSL_CIPHERS - contains list of enabled/disabled ciphers. It should either be commented out or not empty. Default 'HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA'.
Every key should be either commented out or non-empty. Commented setting has default value.
Example configuration:
| Code Block | ||
|---|---|---|
| ||
HTTP_SSL = TRUE
HTTP_SSL_REDIRECT = TRUE
SSL_KEYSTORE = C:\Keystores\keystore.p12
SSL_KEYSTORE_PASSWORD = Password123
SSL_KEYSTORE_KEY_ALIAS = licstat
SSL_KEYSTORE_TYPE = PKCS12
SSL_PROTOCOLS = TLSv1.3
SSL_CIPHERS = HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA |
Configuration above has enabled ssl, with automatic redirection from http to https. Certificate is stored inside keystore located at C:\Keystores\keystore.p12 under alias licstat. Type of the store is PKCS12. Only allowed protocol is TLSv1.3. Ciphers: aNULL, eNULL, EXPORT, DES, RC4, MD5, kRSA are disabled, any cipher other than one of them, is allowed.
We demand algorithms with long keys (HIGH) with support for authentication (!aNULL) and encryption (!eNULL). Additionally we block some weaker algorithms (!EXPORT:!DES:!RC4:!MD5:!kRSA)
Frequently asked questions:
What is SSL?
SSL is a protocol of secure communication between server and client through the network.
...
In 5.x there were two files needed: certificate (defined as SSL_CERTIFICATE_FILE) and certificate private key (defined as SSL_CERTIFICATE_KEY_FILE). In 6.x both of these files must be placed into keystore. How to do it is described here: this articleSee this link for details.
What does 'Caused by: java.lang.IllegalArgumentException: Alias name [certificate_alias] does not identify a key entry' mean in my core.log file?
...
What can be the cause of 'APPLICATION FAILED TO START' in core.log file?
It could be caused by ssl SSL misconfiguration. Check if your settings comply to rules presented at the start of this page.
...