Enable HTTPS

MATLAB® Production Server™ uses HTTPS to establish secure connections between server instances and clients. HTTPS provides certificate-based authentication for the client to validate the connection to the server. Optionally, you can configure HTTPS such that the server can provide certificate-based authentication of the client. For more information on configuring client authentication, see Configure Client Authentication. HTTPS also provides an encrypted data path between the clients and server instances.

To configure HTTPS, specify the following properties in the main_config configuration file of the server instance:

For more information about the server configuration file, see Edit the Configuration File.

The following configuration excerpt configures a server instance to accept secure connections on port port, using the certificate stored in ./x509/my-cert.pem and the unencrypted private key stored in ./x509/my-key.pem.

...
--https port
--x509-cert-chain ./x509/my-cert.pem
--x509-private-key ./x509/my-key.pem
...

Starting in R2019b, if https is enabled on the server, you must set both the x509-cert-chain and x509-private-key properties; otherwise, the server fails to start.

In production settings that require greater security than that provided by an unencrypted private key, use an encrypted private key. You specify the passphrase for decrypting the private key in a file with owner-read-only access, and use the x509-passphrase property to tell the server instance about it.

...
--https port
--x509-cert-chain ./x509/my-cert.pem
--x509-private-key ./x509/my-key.pem
--x509-passphrase ./x509/my-passphrase
...

You must set either the http property, the https property or both properties for the server to start. To ensure that clients communicate with the server using only HTTPS and not HTTP, you must disable the http property. If both the https and http properties are enabled, clients can communicate with the server using both HTTPS and HTTP. It is recommended that you enable the https property unless HTTP support is required.

See Also

| |

Related Topics