Connecting to a MATLAB® Production Server™ instance over HTTPS provides a secure channel for executing MATLAB functions. To establish an HTTPS connection with a MATLAB Production Server instance using a Java® client:
Ensure that the server is configured to use HTTPS.
Install the required credentials on the client system.
Configure the client's Java environment to use the credentials.
For a proxy-based workflow, create the
program proxy using the program's
The MATLAB Production Server Java client API provides:
Hooks for disabling security protocols to protect against the POODLE vulnerability.
Hooks for providing your own
Hooks for implementing server authorization beyond that provided by HTTPS.
To manage the key store and trust stores on the client
At a minimum, the client requires the server's root CA (Certificate Authority) certificate or self-signed certificate in its trust store.
To connect to a server that requires client-side authentication, the client also needs a signed certificate in its key store.
Create a secure proxy connection with a MATLAB
Production Server instance by using the
https:// URL for the desired
MWClient client = new MWHttpClient(); URL sslURL = new URL("https://hostname:port/myArchive"); MyProxy sslProxy = client.createProxy(sslURL, MyProxy.class);
sslProxy object uses the default
Java trust store, stored in
to perform the HTTPS server authentication. If the
server requests client authentication, the HTTPS
handshake fails because the default
SSLContext object created by
the JRE does not provide a key store.
To use a location other than the default for the client trust store, set the trust store location and password using Java system properties:
System.setProperty("javax.net.ssl.trustStore", "PATH_TO_TRUSTSTORE"); System.setProperty("javax.net.ssl.trustStorePassword", "truststore_pass"); MWClient client = new MWHttpClient(); URL sslURL = new URL("https://hostname:port/myfun"); MyProxy sslProxy = client.createProxy(sslURL, MyProxy.class);
You must provide a custom implementation of the
MWSSLConfig interface to use a
implementation, add a custom
implementation, or use the server authorization of
Java client API.
In some environments, server instances require that clients provide a certificate for authentication. To enable the client to connect with a server instance requiring client authentication, set the key store location and password using Java system properties:
System.setProperty("javax.net.ssl.keyStore", "PATH_TO_KEYSTORE"); System.setProperty("javax.net.ssl.keyStorePassword", "keystore_pass"); MWClient client = new MWHttpClient(); URL sslURL = new URL("https://hostname:port/myfun"); MyProxy sslProxy = client.createProxy(sslURL, MyProxy.class);
If you are writing a client program for MATLAB Production Server on Azure® that uses a self-signed SSL certificate, you must disable host name verification so that the client can use HTTPS to send requests to the server.
Production Server deployment on Azure uses a self-signed SSL certificate to provide an HTTPS URL to make requests to
the server and execute MATLAB functions. Replacing the self-signed certificate with a certificate signed by a
certificate authority (CA) is recommended. For information on how to change the self-signed
certificate, see Change Self-Signed Certificate to Application Gateway. However, if you continue
to use the self-signed certificate, client programs that send HTTPS requests to the server
must disable host name verification to avoid encountering an exception caused by a failure in
host name verification. The verification fails due to a mismatch between the host names in the
HTTPS URL for MATLAB function execution and the common name (CN) of the self-signed certificate. The
host name for the MATLAB function execution URL has the value
but the CN has the value
For more information on MATLAB Production Server on Azure, see Azure Deployment for MATLAB Production Server (BYOL) and Azure Deployment for MATLAB Production Server (PAYG).