Security
This topic provides answers to some frequently asked questions on InformixHQ security.
How can I configure HTTPS and/or SSL for InformixHQ?
To use the Secure Sockets Layer (SSL) protocol to encrypt communication with InformixHQ, you will need a keystore and certificate. You can use the method that best fits your environment for creating the keystore and certificate, for example Java keytool, OpenSSL, or even the IBM Global Security Kit (GSKit).
- Configuring HTTPS in the InformixHQ server
Once you have the keystore, secure the InformixHQ web user interface and REST API by configuring HTTPS in the InformixHQ server. To configure HTTPS in the InformixHQ server, in your InformixHQ server properties file, set the httpsPort, ssl.keystore.file, and ssl.keystore.password properties and potentially also the ssl.key.password property if your key password is different from the keystore password.
Additionally, if you want to disable HTTP access to the InformixHQ server so that all communication to and from the InformixHQ server uses HTTPS, set the httpPort property to -1 in your properties file. If instead you would like the InformixHQ server to automatically redirect all HTTP traffic to the HTTPS port, set the redirectHTTPtoHTTPS property to true.
Figure 1. Sample InformixHQ server properties file with HTTPS enabled
-
Once you have HTTPS enabled in the InformixHQ server, you must configure your InformixHQ agents to encrypt their web socket communication with the InformixHQ server. If you use the Deploy Agent button in the UI to have the InformixHQ server automatically deploy the agent, it will automatically configure the agent to use SSL if the InformixHQ server has HTTPS enabled.
If you are starting your agents manually, enable SSL by setting the ssl.enable property to true in your agent configuration file, and then set the ssl.keystore.file and ssl.keystore.password properties.
Figure 2. Sample InformixHQ server properties file with SSL enabled
How can I encrypt the internal H2 database that the InformixHQ server uses?
The InformixHQ server creates an H2 database to store its internal metadata. The H2 database file, h2db.mv.db, will be created in the directory where you start the InformixHQ server. It will store information about the groups and servers you define in the tool (including the database server connection credentials), the monitoring and alerting profiles, and alerting incidents.
To encrypt this database, set the following properties:
h2.encrypt.enable=true
h2.encrypt.password=some_password
Optionally, you can also set the h2.encrypt.algorithm property if you want to set the encryption algorithm to something other than AES.
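The following Python script is an added example, not part of InformixHQ or its documentation. It checks a server properties file for the HTTPS and H2 encryption settings described in the two answers above. The sample file contents are constructed, and treating HTTP as enabled unless httpPort=-1 is an assumption.

```python
# Added example: audit an InformixHQ server properties file (constructed samples).
# Assumption: plain HTTP is served unless httpPort=-1 or redirectHTTPtoHTTPS=true.

WEAK = "httpPort=8080\n"  # constructed sample: HTTP only, no H2 encryption
HARDENED = """\
# constructed sample with placeholder paths and passwords
httpPort=-1
httpsPort=8443
ssl.keystore.file=/path/to/keystore
ssl.keystore.password=placeholder_password
h2.encrypt.enable=true
h2.encrypt.password=placeholder_password
"""

def parse_properties(text):
    """Parse simple key=value lines, skipping blank lines and # or ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if not props.get("httpsPort"):
        findings.append("httpsPort is not set: web UI and REST API are not served over HTTPS")
    else:
        for key in ("ssl.keystore.file", "ssl.keystore.password"):
            if not props.get(key):
                findings.append(f"{key} must be set when httpsPort is set")
    http_off = props.get("httpPort") == "-1"
    redirect = props.get("redirectHTTPtoHTTPS", "").lower() == "true"
    if not (http_off or redirect):
        findings.append("HTTP still served: set httpPort=-1 or redirectHTTPtoHTTPS=true")
    if props.get("h2.encrypt.enable", "").lower() != "true":
        findings.append("h2.encrypt.enable is not true: h2db.mv.db is not encrypted")
    elif not props.get("h2.encrypt.password"):
        findings.append("h2.encrypt.password must be set when h2.encrypt.enable=true")
    return findings

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(parse_properties(text)) or "OK")
```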
How can I configure InformixHQ to use SSL when connecting to my database server?
If your database supports or requires SSL connections, you can set up SSL using the connection properties on the Add Server page when adding the server or on the server’s Setup page after it is created.
You must add the following connection properties in order to use SSL on InformixHQ’s JDBC connections to your database server:
SSLCONNECTION=true
SSL_TRUSTSTORE=/path/to/truststore
SSL_TRUSTSTORE_PASSWORD=password
The truststore/keystore file that you specify must be present both on the machine where the InformixHQ server is running and on the machine where the InformixHQ agent is running.
For more information, see Adding Servers and Groups.