InformixHQ setup as Secured Server (SSL)

About this task

This topic explains the steps for setting up InformixHQ as a secured server (SSL).

Procedure

  1. Create an SSL keystore with a self-signed certificate.
    • Use the following command to create a JKS keystore with a self-signed certificate on the HQ server at the desired path:
      keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks
    • Modify the -alias and -keystore values as needed.
    • The user is prompted to set the keystore password; enter a password of your choice.
    • Note the password, because it is needed at a later stage.
    • The password can also be set with the -storepass argument in the keytool command given above.
    • The user must type the HQ server hostname in response to keytool's first prompt, which asks for the first and last name. The InformixHQ agent checks this value when it attempts a secured connection.
    • The user is then asked a few more questions about unit, organization, locality, province, and country. Provide values of your choice; any values are fine.
    • Once all the values are entered, the user is asked for confirmation; type "yes".
    • Finally, the user is asked for the password of the certificate in the keystore. To keep this password the same as the keystore password (entered in step 1), press Enter. If you set a different password, note it down for later use.

    For further details on how to generate a JKS self-signed certificate, refer to "How to use keytool to create a server certificate" and "How to create a self signed certificate using Java Keytool".

  2. Note down the path and file name of the SSL keystore just created.
  3. Modify informixhq-server.properties to add or modify the following properties:
    • httpPort=8080
    • httpsPort=8082 (HQ server port serving secured connections)
    • redirectHTTPtoHTTPS=true (if true, redirects HTTP requests to HTTPS)
    • ssl.keystore.file=<Keystore absolute path with file name>
    • ssl.keystore.password=<password>
    • #ssl.key.password=<password> (Use this only if you have set a different password for the certificate within the keystore)
  4. Now start the InformixHQ server as usual.
  5. Open a browser and enter the following URL:
    http://<HQserverhost>:8080 OR https://<HQserverhost>:8082

    If redirectHTTPtoHTTPS is set to true, HTTP requests are automatically redirected to the HTTPS port.

    Note:

    1) Internally, the InformixHQ server uses the self-signed certificate to authenticate the secured connection.

    2) The user can verify this by providing incorrect values for ssl.keystore.file or ssl.keystore.password in the parameter file informixhq-server.properties. After this, if the user tries to access the HQ server from a browser, it responds with "connection refused."

    3) On a Windows machine, use double backslashes in the keystore path, such as D:\\SSL\\keystore\\key.jks
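
A pre-start check for the step 3 settings, as an added example that is not part of the InformixHQ documentation or product: it reads informixhq-server.properties and flags the misconfigurations described in note 2 (a keystore path that does not exist, an empty password) before the server is started. The function names hq_prop and check_hq_ssl_props are hypothetical, the file-permission rule is this example's own policy, and a Unix-like host is assumed.

```shell
#!/bin/sh
# Added example (not InformixHQ code). Function names are hypothetical;
# the property keys are the ones listed in step 3. Assumes a Unix-like host.

# Print the value of the last uncommented "key=value" line for key $2 in file $1.
hq_prop() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }                      # skips e.g. "#ssl.key.password=..."
        { i = index($0, "="); if (!i) next
          key = substr($0, 1, i - 1); gsub(/^[ \t]+|[ \t]+$/, "", key)
          if (key == k) { v = substr($0, i + 1); gsub(/^[ \t]+|[ \t\r]+$/, "", v) } }
        END { print v }' "$1"
}

# Return 0 if the SSL settings look usable, 1 otherwise; one line per finding.
# Usage: check_hq_ssl_props /path/to/informixhq-server.properties
check_hq_ssl_props() {
    f=$1; rc=0
    [ -r "$f" ] || { echo "FAIL: cannot read $f"; return 1; }
    ks=$(hq_prop "$f" ssl.keystore.file)
    pw=$(hq_prop "$f" ssl.keystore.password)
    port=$(hq_prop "$f" httpsPort)
    redir=$(hq_prop "$f" redirectHTTPtoHTTPS)

    case $port in
        ''|*[!0-9]*) echo "FAIL: httpsPort is missing or not numeric"; rc=1 ;;
    esac
    case $ks in
        '') echo "FAIL: ssl.keystore.file is not set"; rc=1 ;;
        /*) [ -f "$ks" ] || { echo "FAIL: keystore not found: $ks"; rc=1; } ;;
        *)  echo "FAIL: ssl.keystore.file must be an absolute path"; rc=1 ;;
    esac
    [ -n "$pw" ] || { echo "FAIL: ssl.keystore.password is empty"; rc=1; }
    [ "$redir" = "true" ] || echo "WARN: HTTP requests are not redirected to HTTPS"

    # Policy of this example: the file holds the keystore password in clear
    # text, so it must not be readable by group or others.
    if [ -n "$(find "$f" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "FAIL: $f is readable by group or others (chmod 600)"; rc=1
    fi
    return $rc
}
```

The check only confirms that the keystore file exists; it does not open the keystore or test the password against it.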