SSL can be enabled through in the xflicstat.cfg file. Available settings
...
include the following.
| Setting | Default | Description |
|---|---|---|
| HTTP_SSL |
...
| FALSE | May be set to TRUE or FALSE. To enable SSL, set it to TRUE |
...
| . |
| HTTP_SSL_REDIRECT |
...
| FALSE | May be set to TRUE or FALSE. |
...
| Set the value to TRUE to enable automatic redirection from http to https |
...
| . |
| SSL_KEYSTORE |
...
| empty | Path to keystore with loaded certificate and its private key. |
...
| SSL_KEYSTORE_PASSWORD |
...
| empty | Password to keystore. |
...
| SSL_KEYSTORE_KEY_ALIAS |
...
| xflicstat | Key under which certificate is stored inside keystore. |
...
| SSL_PROTOCOLS |
...
| TLSv1.1,TLSv1.2,TLSv1.3 |
...
...
| Defines which SSL/TLS protocols are enabled. This setting should either be commented out or not empty. |
...
| SSL_CIPHERS | HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA |
...
| List of enabled/disabled ciphers. This setting should either be commented out or not empty. |
Every key should either be either commented out or non-empty. Commented setting has -out settings contain the default value.
Example configuration
The configuration example below shows:
- Enabled SSL with automatic redirection from http to https.
- The certificate is stored inside keystore located at C:\Keystores\keystore.p12 under alias licstat.
- The only allowed protocol is TLSv1.3.
- Only algorithms with long keys (HIGH) with support for authentication (!aNULL) and encryption (!eNULL) are allowed, and some weaker algorithms are blocked (!EXPORT:!DES:!RC4:!MD5:!kRSA).
| Code Block | ||
|---|---|---|
| ||
HTTP_SSL = TRUE
HTTP_SSL_REDIRECT = TRUE
SSL_KEYSTORE = C:\Keystores\keystore.p12
SSL_KEYSTORE_PASSWORD = Password123
SSL_KEYSTORE_KEY_ALIAS = licstat
SSL_PROTOCOLS = TLSv1.3
SSL_CIPHERS = HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA |
...
: |
...
!EXPORT:!DES:!RC4:!MD5:!kRSA |
...