Configure the License Server

Overview

You configure the License Server using a file named spring-context.xml, located in the conf folder.

The License Server cannot start if there is no configuration file, or if the file does not define security properties.

Configure SSL/TLS

The License Server uses HTTP to communicate with Semarchy xDI clients. You must first configure SSL/TLS.

Enable SSL/TLS

To enable SSL/TLS, define security properties in a bean node with the com.semarchy.xdi.license.server.plugin.ssl.impl.DesignerSslPlugin class, as shown:

Example 1. Security properties definition - Enable SSL/TLS
<beans ...>
 <...>
 <bean class="com.semarchy.xdi.license.server.plugin.ssl.impl.DesignerSslPlugin">
  <property name="enableSsl" value="true"></property>
  <property name="keyStoreType" value="JKS"></property>
  <property name="keyStore" value="path_to_keystore/keystore.jks"></property>
  <property name="keyStorePassword" value="keystore_password"></property>
  <property name="keyAlias" value="key_alias"></property>
  <property name="keyPassword" value="key_password"></property>
 </bean>
 <...>
</beans>
Table 1. Security Properties

Parameter             Description
enableSsl             This parameter is mandatory. It enables or disables SSL/TLS.
disableSNIHostCheck   Enables or disables strict hostname checks. Set it to true to disable the checks, such as when using self-signed certificates.
keyStoreType          Java keystore type, such as JKS.
keyStore              The relative or absolute path to the Java keystore containing the certificate used to secure the endpoints.
keyStorePassword      Password of the keystore file.
keyAlias              Alias of the key in the keystore.
keyPassword           Password of the key.

You can define additional SSL/TLS settings in the com.semarchy.xdi.license.server.plugin.tls.impl.DesignerTlsPlugin bean node.

Example 2. Additional SSL/TLS settings
<beans ...>
 <...>
 <bean class="com.semarchy.xdi.license.server.plugin.tls.impl.DesignerTlsPlugin">
  <property name="includeProtocols">
   <array value-type="java.lang.String">
    <!--<value>TLSv1.2</value>-->
   </array>
  </property>
  <!-- excludeProtocols: list of TLS protocols to refuse to use -->
  <property name="excludeProtocols">
   <array value-type="java.lang.String">
    <!--<value>TLSv1</value>-->
    <!--<value>TLSv1.1</value>-->
    <!--<value>TLSv1.2</value>-->
   </array>
  </property>
 </bean>
 <...>
</beans>

Self-signed certificates

If you enable SSL/TLS and want to use a self-signed certificate, you must configure both the License Server and xDI Designer. The general steps are as follows:

  1. In the License Server configuration file, set the disableSNIHostCheck property to true.

  2. Add the self-signed certificate to Designer.

  3. Disable hostname verification in Designer.

For information about configuring these settings in Designer, see the section about the License Server certificate in Designer.

Your version of xDI Designer needs to be later than 20.4.0 to work with custom certificates.

Disable SSL/TLS

You can disable SSL/TLS in the License Server by setting the enableSsl property to false in the com.semarchy.xdi.license.server.plugin.ssl.impl.DesignerSslPlugin bean node.

If you disable SSL/TLS in the License Server, you must add another SSL/TLS layer such as a proxy, load balancer, or similar. This is required for xDI Designer, as Designer refuses insecure connections.

Example 3. Security properties definition - Disable SSL/TLS
<beans ...>
 <...>
 <bean class="com.semarchy.xdi.license.server.plugin.ssl.impl.DesignerSslPlugin">
  <property name="enableSsl" value="false"></property>
 </bean>
 <...>
</beans>
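
One way to review a spring-context.xml against the settings described on this page, as an added example that is not Semarchy's own code: it reads the two bean nodes and reports a missing enableSsl, disabled SSL/TLS, a disabled hostname check, and TLSv1 or TLSv1.1 listed in includeProtocols. The sample configuration, the finding names, the Spring beans namespace and the helper names are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

SSL_BEAN = "com.semarchy.xdi.license.server.plugin.ssl.impl.DesignerSslPlugin"
TLS_BEAN = "com.semarchy.xdi.license.server.plugin.tls.impl.DesignerTlsPlugin"
LEGACY = {"TLSv1", "TLSv1.1"}  # both deprecated by RFC 8996

# Constructed sample input (not a real deployment); the namespace is the usual Spring beans one.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans">
 <bean class="com.semarchy.xdi.license.server.plugin.ssl.impl.DesignerSslPlugin">
  <property name="enableSsl" value="true"></property>
  <property name="disableSNIHostCheck" value="true"></property>
 </bean>
 <bean class="com.semarchy.xdi.license.server.plugin.tls.impl.DesignerTlsPlugin">
  <property name="includeProtocols">
   <array value-type="java.lang.String">
    <value>TLSv1.1</value>
    <!--<value>TLSv1</value>-->
    <value>TLSv1.2</value>
   </array>
  </property>
 </bean>
</beans>"""

def local(tag):
    """Strip an XML namespace prefix such as '{uri}bean'."""
    return tag.rsplit("}", 1)[-1]

def bean_props(root, cls):
    """Map property name -> value attribute, or list of <value> texts; None if the bean is absent."""
    for bean in root.iter():
        if local(bean.tag) == "bean" and bean.get("class") == cls:
            return {p.get("name"): p.get("value") if p.get("value") is not None
                    else [v.text.strip() for v in p.iter() if local(v.tag) == "value" and v.text]
                    for p in bean if local(p.tag) == "property"}
    return None

def audit(xml_text):
    """Return finding codes (names invented for this example) for the documented settings."""
    root = ET.fromstring(xml_text)  # the default parser drops commented-out <value> entries
    ssl, tls = bean_props(root, SSL_BEAN), bean_props(root, TLS_BEAN) or {}
    if ssl is None or "enableSsl" not in ssl:
        return ["no-security-properties"]  # per this page, the server cannot start
    findings = []
    if str(ssl["enableSsl"]).strip().lower() != "true":
        findings.append("tls-disabled-needs-proxy")  # TLS must be added in front of the server
    if str(ssl.get("disableSNIHostCheck", "")).strip().lower() == "true":
        findings.append("hostname-check-disabled")  # expected only with self-signed certificates
    findings += ["legacy-protocol-included:" + p
                 for p in tls.get("includeProtocols") or [] if p in LEGACY]
    return findings
```

Calling audit() on the text of conf/spring-context.xml returns an empty list when none of these conditions apply.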