Enable HTTPS in Spectrum

By default the Spectrum Technology Platform server uses HTTP for communication with Spectrum Enterprise Designer, browser applications such as Spectrum Management Console and Metadata Insights, as well as for handling web service requests and API calls.

You can configure Spectrum Technology Platform to use HTTPS if you want to secure these network communications.

Note: Spectrum Technology Platform uses TLS 1.2 to encrypt communication. Applications that access Spectrum Technology Platform web services or the API must support TLS 1.2 in order to connect over HTTPS.

This procedure describes how to enable HTTPS communication on a single-server installation of Spectrum Technology Platform. If you want to use HTTPS and you are running Spectrum Technology Platform in a cluster, do not follow this procedure. Instead, configure the load balancer to use HTTPS for communication with clients. Communication between the load balancer and the Spectrum Technology Platform nodes, and between the nodes themselves, will be unencrypted because Spectrum Technology Platform clustering does not support HTTPS. The load balancer and the Spectrum Technology Platform servers in the cluster must be behind a firewall to provide a secure environment.

To configure HTTPS communication for a single-server installation of Spectrum Technology Platform:

Stop the Spectrum Technology Platform server.
- To stop the server on Windows, right-click the Spectrum Technology Platform icon in the Windows system tray and select Stop Spectrum. Alternatively, you can use the Windows Services control panel and stop the Precisely Spectrum Technology Platform service.
- To stop the server on Linux, source the SpectrumDirectory/server/bin/setup script then execute the SpectrumDirectory/server/bin/server.stop script.
Load the certificate into a JSSE keystore. For more information, see Loading Keys and Certificates in the Jetty 9 documentation.
Using a text editor, open the file spectrum-container.properties located in SpectrumDirectory/server/conf.
1. Uncomment and configure Spectrum HTTP settings:
```
##############################################
#Spectrum HTTP settings
##############################################
spectrum.http.default.protocol=https
spectrum.https.enabled=true
spectrum.https.port=8443
```
  The spectrum.keystore and spectrum.encryption settings in this section should be configured to match your installation.
2. Configure settings in the Spectrum SSL settings section as required to match your installation.
3. Uncomment and configure hostname and port in the Spectrum runtime settings:
```
##############################################
#Spectrum runtime settings
##############################################
spectrum.runtime.hostname=fully qualified domain name
spectrum.runtime.port=8443
```
Import the certificates you are using. For example:
keytool -importkeystore -srckeystore "C:\Precisely\Spectrum\server\conf\certs\keystore.p12" -destkeystore "C:\Precisely\Spectrum\server\conf\certs\truststore.p12" -deststoretype pkcs12
If you are using a self-signed certificate, see Implementing self-signed certificates.
If you are configuring HTTPS communication for Spectrum Spatial and services, you must perform an additional configuration prior to restarting the Spectrum Technology Platform server.
In Spectrum Spatial Manager, change the URLs in these service configurations to use HTTPS:
- Mapping (only necessary when accessing the Mapping Service via SOAP and when the ReturnImage parameter for a RenderMap request is False)
- WFS
- WMS
- WMTS
For instructions, see Spectrum Spatial Manager under the Managing Spatial section of the Spectrum Spatial Guide.
Start the Spectrum Technology Platform server.
- To start the server on Windows, right-click the Spectrum Technology Platform icon in the Windows system tray and select Start Spectrum. Alternatively, you can use the Windows Services control panel to start the Precisely Spectrum Technology Platform service.
- To start the server on Linux, execute the SpectrumDirectory/server/bin/server.start script.