Enable HTTPS
MATLAB® Production Server™ uses HTTPS to establish secure connections between server instances and clients. HTTPS provides certificate-based authentication for the client to validate the connection to the server. Optionally, you can configure HTTPS such that the server can provide certificate-based authentication of the client. For more information on configuring client authentication, see Configure Client Authentication. HTTPS also provides an encrypted data path between the clients and server instances.
Acquire and Copy SSL Certificate and Key
To set up HTTPS on a server instance, you must save an SSL certificate and the corresponding private key to the <instance_root>/x509/ folder of your server instance. The SSL certificate and private key must be in PEM format.
To generate a self-signed SSL certificate, you can use the following openssl command:
openssl req -x509 -nodes -newkey rsa:4096 -keyout private_key.pem -out cert_chain.pem -days 365
The command generates a certificate cert_chain.pem with a private key private_key.pem. The -nodes option writes the private key unencrypted. The certificate is valid for 365 days. For more information, see OpenSSL.
Self-signed SSL certificates are suitable for use in testing environments as they offer encryption but do not offer authentication. SSL certificates signed by a certificate authority (CA) are suitable for production environments.
Edit Configuration File
To configure HTTPS, specify the following properties in the main_config configuration file of the server instance:
https: HTTPS port
x509-cert-chain: Valid certificate in a PEM-format certificate chain
x509-private-key: Valid private key in PEM format
When you set the https property on the server, you must set both the x509-cert-chain and x509-private-key properties; otherwise, the server fails to start. For more information about the server configuration file, see Server Configuration Properties.
The following configuration excerpt configures a server instance to accept secure connections on port port, using the certificate stored in ./x509/cert_chain.pem and the unencrypted private key stored in ./x509/private_key.pem.
...
--https port
--x509-cert-chain ./x509/cert_chain.pem
--x509-private-key ./x509/private_key.pem
...
In production settings that require greater security than that provided by an unencrypted private key, use an encrypted private key. You specify the passphrase for decrypting the private key in a file with owner-read-only access, and use the x509-passphrase property to tell the server instance about it.
...
--https port
--x509-cert-chain ./x509/cert_chain.pem
--x509-private-key ./x509/private_key.pem
--x509-passphrase ./x509/key_passphrase
...
You must set either the http property, the https property or both properties for the server to start.
To ensure that clients communicate with the server using only HTTPS and not HTTP, you must disable the http property. If both the https and http properties are enabled, clients can communicate with the server using both HTTPS and HTTP. It is recommended that you enable the https property unless HTTP support is required.
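The rules in this section can be checked before the server instance is started. The following shell script is an added example, not MathWorks code: the function names are hypothetical, and it assumes that main_config holds one --property value pair per line, that lines starting with # are comments, and that relative paths resolve against the instance root.

```shell
#!/bin/sh
# Added example (not MathWorks code): lint main_config for the HTTPS-only rules above.
# Assumptions: one "--property value" per line, "#" starts a comment line, and
# relative paths resolve against the instance root.

# Print the value of an active (uncommented) property; print nothing if unset.
prop() {  # usage: prop <main_config> <property>
    awk -v key="--$2" '$1 == key { print $2; exit }' "$1"
}

# Turn a path from the config into one usable from any working directory.
resolve() {  # usage: resolve <instance_root> <path>
    case "$2" in /*) printf '%s\n' "$2" ;; *) printf '%s\n' "$1/$2" ;; esac
}

check_https_only() {  # usage: check_https_only <main_config> <instance_root>
    local cfg="$1" root="$2" rc=0 key file perms
    [ -r "$cfg" ] || { echo "FAIL: cannot read $cfg"; return 1; }
    [ -n "$(prop "$cfg" https)" ] || { echo "FAIL: https is not set"; rc=1; }
    # With https set, both properties are mandatory or the server fails to start.
    for key in x509-cert-chain x509-private-key; do
        file=$(prop "$cfg" "$key")
        if [ -z "$file" ]; then
            echo "FAIL: $key is not set"; rc=1
        elif ! grep -q -e '-----BEGIN ' "$(resolve "$root" "$file")" 2>/dev/null; then
            echo "FAIL: $key file $file is missing or not PEM"; rc=1
        fi
    done
    file=$(prop "$cfg" x509-passphrase)
    if [ -n "$file" ]; then
        # The passphrase file must be owner-read-only (mode 0400).
        perms=$(ls -ld "$(resolve "$root" "$file")" 2>/dev/null | cut -c1-10)
        [ "$perms" = "-r--------" ] || { echo "FAIL: $file is '$perms', want -r--------"; rc=1; }
    else
        echo "NOTE: no x509-passphrase set, so the private key is expected to be unencrypted"
    fi
    # An active http property lets clients connect without TLS.
    [ -z "$(prop "$cfg" http)" ] || { echo "FAIL: http is enabled; clients can connect without TLS"; rc=1; }
    return "$rc"
}
```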