Secure Communication

DolphinDB supports HTTPS for secure communication over the web.

Web access

DolphinDB can set the access authority for Notebook and cluster manager. The system will automatically create an administrator account with a user name of “admin” and a password of “123456” at its first startup.

Enable HTTPS

There are 2 ways to enable HTTPS:

  • Add “enableHTTPS=true” in the configuration file of the cluster controller (controller.cfg)

  • Add “-enableHTTPS true” in the command line when starting the cluster controller.

$ ./dolphindb -enableHTTPS true -home master -publicName www.psui.com -mode controller -localSite 192.168.1.30:8500:rh8500 -logFile ./log/master.log

HTTPS Certificate

We need to install server authentication certificate at each server in DolphinDB for secure connections. There should be a certificate on the controller and each of the agent nodes. Data nodes use the certificate located at the agent node on the same server.

  • Use an authentication certificate from a certificate authority

Get a certificate from a certificate authority, rename it as server.crt, and copy to the folder “keys” under the home directory of the controller. If the folder “keys” does not exist, we need to create it. The certificate does not need to be installed as it is from a certificate authority.

  • Install a self-signed authentication certificate with the following steps:

1. Set publicName as the domain name of the computer

Use “publicName=www.ABCD.com” in the configuration file of the cluster controller (controller.cfg), or “-publicName www.ABCD.com” in the command line to start the controller.

2. Check if the authentication certificate has been generated

Start the controller node and check if the certificate file server.crt and the private key for the server serverPrivate.key exist in the folder “keys” under the home directory.

3. Install the self-signed certificate to the certificate authority of the web browser

In Google Chrome, choose Settings -> Advanced -> Manage certificates -> AUTHORITIES-> Import to install the self-signed certificate server.crt.

Now enter “https://www.ABCD.com:8500/” in the web browser to connect to DolphinDB cluster manager, where 8500 is the port number of the controller.

SSO (Single Sign On)

The controller node in DolphinDB is authorized to issue tickets encrypted with OpenSSL to clients for safe communication.

DolphinDB provides 2 API functions for SSO:

  • getAuthenticatedUserTicket(): issue the current user’s encrypted ticket

  • authenticateByTicket(ticket): use the ticket generated by getAuthenticatedUserTicket() to log in the system.