SSL can be enabled through xflicstat.cfg file.
Available settings:
HTTP_SSL - TRUE or FALSE. To enable SSL set it to TRUE. Default FALSE.
HTTP_SSL_REDIRECT - TRUE or FALSE. TRUE value enables automatic redirection from http to https. Default FALSE.
SSL_KEYSTORE - path to keystore with loaded certificate and its private key. Empty by default
SSL_KEYSTORE_PASSWORD - password to keystore. Empty by default.
SSL_KEYSTORE_KEY_ALIAS - key under which certificate is stored inside keystore. Default 'xflicstat'.
SSL_PROTOCOLS - defines which ssl/tls protocols are enabled. It should either be commented out or not empty. Default 'TLSv1.1,TLSv1.2,TLSv1.3'.
SSL_CIPHERS - contains list of enabled/disabled ciphers. It should either be commented out or not empty. Default 'HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA'.
Every key should be either commented out or non-empty. Commented setting has default value.
Example configuration:
HTTP_SSL = TRUE HTTP_SSL_REDIRECT = TRUE SSL_KEYSTORE = C:\Keystores\keystore.p12 SSL_KEYSTORE_PASSWORD = Password123 SSL_KEYSTORE_KEY_ALIAS = licstat SSL_PROTOCOLS = TLSv1.3 SSL_CIPHERS = HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA
Configuration above has enabled ssl, with automatic redirection from http to https. Certificate is stored inside keystore located at C:\Keystores\keystore.p12 under alias licstat. Type of the store is PKCS12. Only allowed protocol is TLSv1.3.
We demand algorithms with long keys (HIGH) with support for authentication (!aNULL) and encryption (!eNULL). Additionally we block some weaker algorithms (!EXPORT:!DES:!RC4:!MD5:!kRSA)