AlgoTraderAlgoTrader Documentation

Chapter 27. Processes and Networking

27.1. SSL security
27.1.1. Importing Certificate into Chrome Browser

By default AlgoTrader is assumed to be running within a secure network segment wherein user authentication and authorization as well SSL security are enforced by the runtime environment / operating system. The AlgoTrader process, individual strategy process and browsers running the HTML5 UI exchange data unencrypted primarily to avoid overhead of encryption for maximal performance.

SSL security can be activated through the following property in conf.properties. Alternatively the properties can be changed via Section 2.3, “VM Arguments”:

# TLS/SSL transport security
ssl.enabled = true

By default AlgoTrader ships with a self-signed certificate which can be import into the browser. Please note that modern browsers will show a warning when using self-signed certificates due to your domain name being different from AlgoTrader's own domain.

It is therefore strongly recommended to procure a certificate from a major CA (certification authority) trusted by common browsers. Alternatively you can create your own self-signed certificate for testing purposes, the following command will created a certificate for the domain xxx.algotrader.com

keytool -genkey -alias mycompanyname -keypass password -storepass password -keystore identity.jks -keyalg RSA -keysize 2048 -validity 365 -dname CN=xxx.algotrader.com -ext SAN=dns:xxx.algotrader.com

To use SSL security please update the following properties in conf.properties. Alternatively the properties can be changed via Section 2.3, “VM Arguments”:

# Keystore with SSL key
ssl.keystore = classpath://identity.jks

# Keystore type (JKS will be assumed by default)
ssl.keystoreType =

# Keystore password
ssl.keystorePassword = password

# Private key password
ssl.keyPassword = password

When running with TLS transport security turned on AlgoTrader also enforces BASIC user authentication with a user name and a password when logging into the HTML5 UI. User credentials can be provided in conf.properties. Alternatively the properties can be changed via Section 2.3, “VM Arguments”:

# Web UI user name
jetty.user = myusername

# Web UI password
jetty.password = secret