Enabling HTTPS

To create secure connections between RapidMiner Studio and RapidMiner Server, configure HTTPS (HTTP with SSL) for both incoming and outgoing connections. If you need to change the default port (8443) for HTTPS communication, you can see the section on changing ports.

Making changes on RapidMiner Server

Follow these steps to enable an SSL-encrypted connection:

  1. Obtain an SSL certificate from a certificate authority of your choice. The certificate must be available as a PKCS #12 keystore (having a file extension of .p12 or .pfx). If the certificate is not in a PKCS #12 format, consult the CA's documentation for instructions on converting it.

    Note: SSL certificates are issued per domain or per host name. Make sure that the hostname of the certificate matches the hostname of your RapidMiner Server installation. Otherwise, accessing browsers will show warnings and may even block access entirely.

  2. Import the certificate into your Java keystore, using the Java tool keytool, as follows:

     keytool -importkeystore -destkeystore rms.keystore -srckeystore yourkeystore.p12 -srcstoretype PKCS12 -srcalias alias -destalias rms -trustcacerts
    
  3. Copy the generated rms.keystore to the folder /standalone/configuration in your RapidMiner Server installation directory.

  4. Open the file standalone.xml. It is located in standalone/configuration of the RapidMiner Server installation directory.

  5. Locate the tag <connector name="https" ... />. Uncomment the following snippet directly below the tag (by deleting <!-- and -->) and edit the password to match the password of your keystore. (If you cannot find the commented snippet, just copy the code below and paste it directly after the <connector name="http" ... /> tag.):

     <!--
    
     <connector name="https" scheme="https" protocol="HTTP/1.1" socket-binding="https" enable-lookups="false" secure="true">
    
     <ssl name="ssl" password="secret" protocol="TLSv1" key-alias="rms" certificate-key-file=" ${jboss.server.config.dir}/rms.keystore" />
    
     </connector>
    
     -->
    

  6. If you want to disable HTTP connections entirely and forward them to HTTPS automatically:

    1. Add the flag redirect-port="8443" inside the HTTP (not HTTPS) tag — <connector name="http" ... />. (Replace the port with your actual SSL port if it differs from the default):

       <connector name="http" ... redirect-port="8443" />
      
    2. Modify the web.xml file, which can be found at /standalone/deployments/rapidminer-server-2.x.xxx.ear/rapidminer-server-war.war/WEB-INF/web.xml, by adding the following:

       <security-constraint>
      
       <web-resource-collection>
      
       <web-resource-name>Secure Apps</web-resource-name>
      
       <url-pattern>/*</url-pattern>
      
       </web-resource-collection>
      
       <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
      
       </security-constraint>
      

    Note: Each time you update RapidMiner Server using the EAR file replacement method, you must redo the changes to the web.xml to ensure all traffic continues to redirect to HTTPS.

  7. Restart RapidMiner Server.

Making changes on RapidMiner Studio

After making these changes for RapidMiner Server, you must also make changes to each RapidMiner Studio instance that uses this server in its repository. Follow these steps:

  1. In RapidMiner Studio, right-click on the RapidMiner Server repository and select Configure Repository:

  2. The Configure RapidMiner Server Repository window opens. Modify the Repository URL field to use SSL and match the port value you set for RapidMiner Server.

    For example:

  3. Click save Save to save your changes.