For security reasons it's recommended to run AppBoard over SSL (Secure Socket Layer). This will ensure all communications between clients (browsers) and the AppBoard server are encrypted.

By default AppBoard is configured with SSL disabled, but it does ship with a self-signed server certificate and can easily be enabled. In production environments this certificate should be replaced with one issued by a known certificate provider or one signed by a trusted root certificate within the organization.

Configuring AppBoard for SSL

To enable HTTPS (HTTP over SSL) mode use the HTTP_SSL runtime option and set it to true. In addition you may want to also change:

• HTTP_PORT: HTTPS is typically served on port 443
• KEYSTORE_FILE: if using your own certificate
• KEYSTORE_PASS: if using your own certificate
• KEYSTORE_TYPE: if using your own certificate

See the Runtime Options page for more information on these settings and how to configure them.

Do not configure SSL by editing the AppBoard server.xml file as this is a system file and replaced on upgrade. The correct way is to edit the runtime options.