Configuring BrowserInsight to Use SSL
- BROWSER INSIGHT IS NO LONGER SUPPORTED BEYOND 6.2
HTTP over SSL (Secure Sockets Layer) provides enhanced security around Insight's login functionality. When enabled, users who load the BrowserInsight login page are redirected to a secure HTTP connection (over SSL), where they log in, and are then passed back to the BrowserInsight application. This is ideal for single-sign-on situations where usernames and passwords provide access to institutional resources beyond Insight.
NOTE: The Insight 5.x Suite Installer will pre-configure many of these settings for you according to your installation choices. In many cases you may simply have to uncomment the existing values.
To enable SSL with the bundled version of Tomcat 5.0:
- Open Tomcat's server.xml (located in the tomcat/conf directory).
- Locate the section on the SSL Connector (as follows).
<!--
<Connector port="8443"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
keystoreFile="path/to/your/keystore"
keystorePass="keystore_password"
clientAuth="false" sslProtocol="TLS" />
-->
- Uncomment the connector for SSL so the line looks like this:
<Connector port="8443"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
keystoreFile="path/to/your/keystore"
keystorePass="keystore_password"
clientAuth="false" sslProtocol="TLS" />
- Follow the instructions on http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html for information on how to create a keystore.
- Change the keystoreFile parameter to match the path to your keystore file.
- Change the keystorePass parameter to match the password you created for your keystore.
- Save the server.xml configuration file.
- Restart Tomcat.
To enable SSL during login:
- Configure your servlet container (Resin or Tomcat) to use SSL. See your Resin or Tomcat documentation for directions on configuring and testing SSL. Note the port number on which SSL is configured.
- Once the servlet container is properly listening for SSL connections on the specified port, open BrowserInsight.conf, located in the root of the BrowserInsight installation directory.
- Locate the following lines:
# SSL Security Settings
#-------------------------------------------------------
# to enable secure login uncomment and update the
# following lines
#LoginSSL = yes
#SecureDomain = https://browserinsight.lunaimaging.com:8085
#StandardDomain = http://browserinsight.lunaimaging.com:8080
- Uncomment the LoginSSL property and set it to 'yes' in your BrowserInsight.conf.
- Uncomment the SecureDomain property and set it to match the domain on which the Secure version of BrowserInsight is running. Commonly, the secure domain is composed of the protocol (https) + the host running BrowserInsight + the servlet container's SSL port number. For example, if your domain name is host.mydomain.com and your servlet container's SSL port is 8085, specify SecureDomain as: https://host.mydomain.com:8085/
NOTE: If you are using the standard HTTPS port, 443, you may omit the port definition for the SecureDomain property, as seen in the example above.
- Uncomment the StandardDomain property and set it to match the domain on which the unsecured version of BrowserInsight is running. Commonly, this is preset for you.
- Save the BrowserInsight.conf file and continue with the steps below, specific to your servlet container.
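A consistency check for the two files edited above, as an added example that is not part of the original documentation or of Insight itself: it confirms that LoginSSL is active, that SecureDomain and StandardDomain use the expected protocols, and that the SecureDomain port matches an uncommented SSL Connector in Tomcat's server.xml. The function names are hypothetical, the "Key = value" syntax is inferred from the lines shown above, and the sample input is constructed.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

def parse_conf(text):
    """Active (uncommented) 'Key = value' properties of a BrowserInsight.conf."""
    props = {}
    for line in text.splitlines():
        # Lines starting with '#' never match \w, so commented settings are skipped.
        m = re.match(r"\s*(\w+)\s*=\s*(\S.*?)\s*$", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def ssl_connector_ports(server_xml):
    """Ports of active SSL Connectors. ElementTree drops XML comments,
    so a Connector that is still commented out is not counted."""
    root = ET.fromstring(server_xml)
    return {int(c.get("port")) for c in root.iter("Connector")
            if c.get("scheme") == "https" and c.get("secure") == "true"}

def check_login_ssl(conf_text, server_xml):
    """Return a list of problems; an empty list means the files agree."""
    props, problems = parse_conf(conf_text), []
    if props.get("LoginSSL") != "yes":
        problems.append("LoginSSL is not uncommented and set to yes")
    secure = urlsplit(props.get("SecureDomain", ""))
    standard = urlsplit(props.get("StandardDomain", ""))
    if secure.scheme != "https":
        problems.append("SecureDomain is not an https:// URL")
    elif (secure.port or 443) not in ssl_connector_ports(server_xml):
        # An omitted port means the standard HTTPS port, 443.
        problems.append(f"no active SSL Connector on port {secure.port or 443}")
    if standard.scheme != "http":
        problems.append("StandardDomain is not an http:// URL")
    return problems

# Constructed sample input, not taken from a real installation.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" />
  <Connector port="8443" scheme="https" secure="true"
             keystoreFile="path/to/your/keystore" keystorePass="keystore_password"
             clientAuth="false" sslProtocol="TLS" />
</Service></Server>"""
CONF = """# SSL Security Settings
LoginSSL = yes
SecureDomain = https://host.mydomain.com:8085/
StandardDomain = http://host.mydomain.com:8080
"""

if __name__ == "__main__":
    for problem in check_login_ssl(CONF, SERVER_XML):
        print("PROBLEM:", problem)
```

With the sample input, the check reports that SecureDomain points at port 8085 while the only SSL Connector listens on 8443.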
Additional Installation Instructions for Resin
- Open the resin.conf file located in the <resin_install>/conf directory.
- Search for the line beginning with "<session-config" in the resin.conf file. It should look something like the following:
<session-config enable-cookies='true' enable-url-rewriting='false' session-timeout='30'/>
- If LoginSSL is set to "yes" in BrowserInsight.conf, then the above line must be changed to the following:
<session-config enable-cookies='true' enable-url-rewriting='true' session-timeout='30' cookie-domain='.mydomain.com'/>
- The dot (.) character preceding 'mydomain' is required. Be sure to change 'mydomain' to the domain under which BrowserInsight is running.
NOTE: Setting 'enable-url-rewriting' to true, as shown above, has the effect that users who have disabled cookies in their web browser will still be able to use BrowserInsight.
- Restart Resin after modifying resin.conf.
Additional Installation Instructions for Apache's Tomcat 4.x
- Open the server.xml file located in the <tomcat_install>/conf directory.
- Search for "BrowserInsight" in the server.xml file. It should look like the following:
<Context className="org.apache.catalina.core.StandardContext" crossContext="false" path="/BrowserInsight" debug="3" reloadable="true" docBase="<browser_install_dir>" defaultSessionTimeOut="30">
- When using Tomcat with SSL, cookies may not be used to track user sessions. Disable cookies by changing the above line to the following:
<Context className="org.apache.catalina.core.StandardContext" crossContext="false" path="/BrowserInsight" debug="3" reloadable="true" docBase="<browser_install_dir>" defaultSessionTimeOut="30" cookies="false">
- Restart Tomcat after modifying server.xml.