Due to recent updates, all users are required to create an Altair One account to login to the RapidMiner community. Click the Register button to create your account using the same email that you have previously used to login to the RapidMiner community. This will ensure that any previously created content will be synced to your Altair One account. Once you login, you will be asked to provide a username that identifies you to other Community users. Email us at Community with questions.
Enabling SSL in RM Server
Hi RMers,
I've been trying to enable SSL access on the port 8443 again, which I have used with a lot of effort with RM 8.2 before. Unfortunately, I don't have the standalone.xml file that used to work.
I've been following the guide
which at least has an error on the line
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile chain.crt -name "pkcs12alias"
The
-certfile chain.crt
is not needed.Then, I modified the standalone file to enable the HTTPS part, the server starts but when I try to access it, the following happens:
I have tried providing the full path to the certificate.keystore file and including the
cipher-suite = ...
part with no luck.
The server works normally with HTTP (port 8080).
I have wasted a couple of hours with this already, I would appreciate some help! The feeling of deja vu is the worst part, as exactly the same had happened with the 8.2 server, and these things are so janky and undocumented that unless either the configutation or the documentation is improved, it will continue to happen.
Regards,
Sebastian
Tagged:
0
Answers
Scott
subjectAltName = DNS: https://rmdemoLALALA.de, DNS: localhost, DNS: https://10.0.250.73
Regards,
You should not add the IP as a DNS, but rather as an IP.
See here: https://blog.pki.dfn.de/tag/subjectalternativename/
and here: https://stackoverflow.com/a/50864416/2333093
Edit: And to make it not too easy, the following quote is also quite interesting:
"Just to add some confusion many browsers will accept SAN's like DNS:10.0.0.1 but not IP:10.0.0.1, but the good news is you can have both"
Regards,
Marco