Access Secure Programs Using HTTPS

Connecting to a MATLAB® Production Server™ instance over HTTPS provides a secure channel for executing MATLAB functions. To establish an HTTPS connection with a MATLAB Production Server instance:

  1. Ensure that the server is configured to use HTTPS.

  2. Install the required credentials on the client system.

  3. Configure the client's Java® environment to use the credentials.

  4. Create the program proxy using the program's https:// URL.

The MATLAB Production Server Java client API provides:

  • Hooks for disabling security protocols to protect against the POODLE vulnerability.

  • Hooks for providing your own HostnameVerifier implementation.

  • Hooks for implementing server authorization beyond that provided by HTTPS.

Configure the Client's Environment for SSL

To manage the key store and trust stores on the client machine, use keytool.

At a minimum, the client requires the server's root CA (Certificate Authority) in its trust store.

To connect to a server that requires client-side authentication, the client also needs a signed certificate in its key store.

Establish a Secure Proxy Connection

Create a secure proxy connection with a MATLAB Production Server instance by using the https:// URL for the desired program:

MWClient client = new MWHttpClient();
URL sslURL = new URL("https://hostname:port/myArchive");
MyProxy sslProxy = client.createProxy(sslURL, MyProxy.class);

The sslProxy object uses the default Java trust store, stored in JAVA_HOME\lib\security\cacerts, to perform the HTTPS server authentication. If the server requests client authentication, the HTTPS handshake fails because the default SSLContext object created by the JRE does not provide a key store.

To use a location other than the default for the client trust store, set the trust store location and password using Java system properties:

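// Set these before the JVM first creates its default SSLContext;
// the properties are read once and later changes are ignored.
System.setProperty("javax.net.ssl.trustStore",
                   "PATH_TO_TRUSTSTORE");
System.setProperty("javax.net.ssl.trustStorePassword",
                   "truststore_pass");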
MWClient client = new MWHttpClient();
URL sslURL = new URL("https://hostname:port/myfun");
MyProxy sslProxy = client.createProxy(sslURL, MyProxy.class);

You must provide a custom implementation of the MWSSLConfig interface to use a custom SSLContext implementation, add a custom HostnameVerifier implementation, or use the server authorization of the MATLAB Production Server Java client API.

Establish a Secure Connection Using Client Authentication

In some environments, server instances require that clients provide a certificate for authentication. To enable the client to connect with a server instance requiring client authentication, set the key store location and password using Java system properties:

// Set these before the JVM first creates its default SSLContext.
System.setProperty("javax.net.ssl.keyStore", "PATH_TO_KEYSTORE");
System.setProperty("javax.net.ssl.keyStorePassword", "keystore_pass");
MWClient client = new MWHttpClient();
URL sslURL = new URL("https://hostname:port/myfun");
MyProxy sslProxy = client.createProxy(sslURL, MyProxy.class);
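
The system properties above apply to the whole JVM. As an added example (not MathWorks code), the following plain JSSE class builds a dedicated SSLContext from an explicit trust store and an optional key store, which is the kind of object a custom MWSSLConfig implementation would supply; the wiring into MWSSLConfig is not shown. The class name, command-line arguments, and the environment variable names TRUSTSTORE_PASS and KEYSTORE_PASS are assumptions.

```java
import java.io.File;
import java.security.KeyStore;
import java.util.Arrays;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added example; requires Java 9+ for KeyStore.getInstance(File, char[]).
public class ClientTlsContext {

    static SSLContext build(String trustPath, char[] trustPass,
                            String keyPath, char[] keyPass) throws Exception {
        // Trust store: CA certificates allowed to vouch for the server.
        // A null KeyStore makes the factory use the JRE default trust store.
        KeyStore trust = trustPath == null ? null
                : KeyStore.getInstance(new File(trustPath), trustPass);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);

        // Key store: needed only when the server requests a client certificate.
        KeyManager[] keyManagers = new KeyManager[0];
        if (keyPath != null) {
            KeyStore keys = KeyStore.getInstance(new File(keyPath), keyPass);
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(
                    KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(keys, keyPass);
            keyManagers = kmf.getKeyManagers();
        }

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(keyManagers, tmf.getTrustManagers(), null);
        return ctx;
    }

    static char[] env(String name) {   // password from the environment, may be absent
        String v = System.getenv(name);
        return v == null ? null : v.toCharArray();
    }

    public static void main(String[] args) throws Exception {
        // Usage: java ClientTlsContext [truststore [keystore]]
        SSLContext ctx = build(args.length > 0 ? args[0] : null, env("TRUSTSTORE_PASS"),
                               args.length > 1 ? args[1] : null, env("KEYSTORE_PASS"));
        String[] protocols = ctx.getDefaultSSLParameters().getProtocols();
        System.out.println("Enabled protocols: " + Arrays.toString(protocols));
        System.out.println("SSLv3 enabled: " + Arrays.asList(protocols).contains("SSLv3"));
    }
}
```

Run with no arguments, it uses the JRE default trust store and reports which protocol versions the context enables, so you can confirm that SSLv3 (the protocol affected by POODLE) is not among them.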
