SSL can be enabled through xflicstat.cfg file.
Available settings:
HTTP_SSL - TRUE or FALSE. To enable SSL set it to TRUE.
HTTP_SSL_REDIRECT - TRUE or FALSE. TRUE value enables automatic redirection from http to https.
SSL_KEYSTORE - path to keystore with loaded certificate and its private key.
SSL_KEYSTORE_PASSWORD - password to keystore.
SSL_KEYSTORE_KEY_ALIAS - key under which certificate is stored inside keystore.
SSL_KEYSTORE_TYPE - type of keystore. License Statistics is able to use only JKS or PKCS12 keystores.
SSL_PROTOCOLS - defines which ssl/tls protocols are enabled.
SSL_CIPHERS - contains list of enabled/disabled ciphers.
Example configuration:
HTTP_SSL = TRUE HTTP_SSL_REDIRECT = TRUE SSL_KEYSTORE = C:\Keystores\keystore.p12 SSL_KEYSTORE_PASSWORD = Password123 SSL_KEYSTORE_KEY_ALIAS = licstat SSL_KEYSTORE_TYPE = PKCS12 SSL_PROTOCOLS = TLSv1.3 SSL_CIPHERS = !aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA
Configuration above has enabled ssl, with automatic redirection from http to https. Certificate is stored inside keystore located at C:\Keystores\keystore.p12 under alias licstat. Type of the store is PKCS12. Only allowed protocol is TLSv1.3. Ciphers: aNULL, eNULL, EXPORT, DES, RC4, MD5, kRSA are disabled, any cipher other than on of them, is allowed.
Frequently asked questions:
What is SSL?
SSL is a protocol of secure communication between server and client through the network.
What is TLS?
It is a newer version of SSL. See "What is SSL?". In practice SSL and TLS names are used interchangeably.
What do I gain from enabling SSL?
It ensures that data sent from application (f.e. report about license usage) and to application (f.e. login credentials) is encrypted. It also allows web browser to verify if connection is secure.
What is keystore?
It is a file secured with password that can contain one or many certificates with or without their private keys.
Which ssl protocols should I enable?
The newer, the better (currently newest is TLS v1.3). But be aware that some older browsers could not support newer protocol versions.
Which ciphers should I enable/disable?
The ones that are known to be broken should be disabled. The list changes with time, new ciphers are created, and some old ones are being broken. Most of the time defaults should be up to date.
I have a certificate file and key, how do I create keystore?
It is described in this article
How do I migrate SSL settings from Licstat 5.x to 6.x?
In 5.x there were two files needed: certificate (defined as SSL_CERTIFICATE_FILE) and certificate private key (defined as SSL_CERTIFICATE_KEY_FILE). In 6.x both of these files must be placed into keystore. How to do it is described here: link.