The XTRF Knowledge Base has been moved to a new space.

Use to access the Knowledge Base.

SSL Certificate installation

This document is intended for Server Administrators with sufficient technical skills. 

XTRF Platform application is expected to be run as a backend service in DMZ, not directly exposed to the Internet. Therefore, we do not support installing SSL certificated directly into XTRF.

In order to expose the proper HTTPS endpoint, you should use a tool called TLS termination proxy or load balancer. This tool intercepts HTTPS requests, allowing you to enforce access rules, log traffic and perform other actions typical to middleware. XTRF backend socket listens on HTTPS on port 8443.

One example of such a tool is Apache HTTPD, which is free and widely available for all operating systems.

Apache HTTPD SSL configuration

Below you can find the information necessary for setting up an SSL certificate for your XTRF Platform installation with an Apache server to serve as a proxy for the XTRF Platform. The SSL certificate can also be installed by our specialists for an additional fee. Please contact the XTRF Support Team for details. Please bear in mind to always use the latest Apache and OpenSSL releases for maximum security and update them regularly.

 SSL Settings

You might also fine-tune the SSL settings according to the current best recommendations. For example, you can find helpful solutions under the following link:

Apache Settings for HTTPS Proxy (Windows OS)

You should download the Apache HTTPD distribution from

Please notice that this configuration requires at least Apache 2.4.12. Add the following code snippet to your Apache config and enable modules: rewrite, logio, proxy, proxy_sslproxy_ajp, proxy_http, headers, status and ssl (if proxy_ssl isn't available) for Apache.

Also, please find in the httpd.conf  below line:

Include conf/extra/httpd-info.conf

And check if it is uncommented (if there is "#" at the beginning of the line, you have to remove it). In latest versions of Apache (>2.4.17) you should consider enabling HTTP/2: 

As of early 2018, the default Apache HTTPD distribution enables the following file:

Include conf/extra/httpd-ahssl.conf

You should disable it as it will conflict with the SSL installation - simply prepend it with #.

You can use the following file as a base for your configuration: 

Apache Settings for HTTPS Proxy (Debian/Ubuntu)

Please notice that this configuration requires at least Apache 2.4.7. This requires at least Debian 8 Jessie or Ubuntu 14.04 Trusty. Execute the following commands to enable the required modules:

sudo a2enmod proxy_ajp ssl status headers rewrite

In latest versions of Apache (>2.4.17) you should consider enabling HTTP/2: 

Please create a file /etc/apache2/sites-enabled/xtrf.conf with the following content (adapt the hostname and SSL certificate location):