You can enable support for HTTPS in LuciadFusion through:

  • The use of a reverse proxy in front of LuciadFusion. In this setup, all access to LuciadFusion passes through the reverse proxy, which you can configure to enable HTTPS. For more information about setting up LuciadFusion with a reverse proxy based on Apache HTTP server, see How to set up the LuciadFusion Platform with a reverse proxy.

  • The use of Spring Security, which is included with LuciadFusion.
    To enable HTTPS, you first need an SSL certificate. You can request that from a certificate authority.
    For development and testing purposes, you can also generate a self-signed certificate, using the keytool utility that comes with every JRE.

    For example:

    >keytool -genkey -alias <alias> -storetype <type> -keyalg RSA -keysize 2048 -keystore keystore.p12 -validity 3650

    When you use the Jetty servlet container included with LuciadFusion 2024 and beyond, the hostname used in HTTPS requests needs to match the name used in the self-signed certificate. This can be achieved by entering the fully qualified hostname when keytool asks your first and last name. Note that hostnames such as localhost or IP addresses are not allowed.

    Move the resulting keystore file to the config folder. Next, enable HTTPS by setting these SSL properties in the LuciadFusion configuration file application-fusion.production-template.yml: 

    # SSL (https) can be enabled by setting the following properties:
#server.ssl.key-store: classpath:keystore.p12
#server.ssl.key-store-password: <password>
#server.ssl.keyStoreType: <type>
#server.ssl.keyAlias: <alias>