I have just begun supporting an AIMMS Pro implementation for my customers, and a separate cybersecurity team found that the traffic from the AIMMS Pro web server is unencrypted:
- Unencrypted Network Communication: AIMMS Pro Launch Page: When accessing the web frontend used to launch the application, traffic is transmitted using an unencrypted network protocol.
- Unencrypted Network Communication: Websocket: The application establishes a websocket to communicate with its server using an unencrypted network protocol.
Looking through the support/architecture documentation, it appears that AIMMS Pro uses its own web services to host the page, so I’m trying to see what effort is involved in changing these settings, and what the implication is on the client side as well.
Best answer by Chris Kuip
The AIMMS PRO portal can be switched to using HTTPS (secure encrypted connection) using the instructions at https://documentation.aimms.com/pro/config-sections.html#web-configuration.
Please note that an SSL key store file is needed in the PKCS12 format. Perhaps interesting is this reference: https://dzone.com/articles/how-to-create-a-keystore-in-pkcs12-format
Does this answer help?
With kind regards,
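
The answer above requires an SSL key store in PKCS12 format. The following is an added example, not part of the original answer or of AIMMS documentation, showing one way to build such a file with the `openssl` CLI and to confirm it opens, holds a private key, and matches the portal host name before pointing the portal at it. The host name, file names and password are constructed placeholders; the AIMMS PRO settings that reference the file are on the linked documentation page and are not shown here.

```shell
# Added example. Host name, file names and password are constructed placeholders.
# Requires the openssl CLI (1.1.1 or later for -addext).

make_pkcs12() {
    # $1 = output directory, $2 = portal host name, $3 = key store password
    dir=$1; host=$2; pass=$3
    # Self-signed certificate for testing only; browsers trust the portal
    # only with a CA-issued certificate. The SAN entry is what clients match.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
        -keyout "$dir/portal.key" -out "$dir/portal.crt" 2>/dev/null || return 1
    # Bundle key and certificate into one password-protected PKCS12 file.
    # "pass:" shows up in the process list; prefer "env:" or "file:" on shared hosts.
    openssl pkcs12 -export -inkey "$dir/portal.key" -in "$dir/portal.crt" \
        -name portal -passout "pass:$pass" -out "$dir/portal.p12" || return 1
    chmod 600 "$dir/portal.p12"
    rm -f "$dir/portal.key"    # leave the private key only inside the key store
}

check_pkcs12() {
    # $1 = key store, $2 = password, $3 = host name users will browse to
    # Returns 0 if usable, 1 bad password/file, 2 no private key,
    # 3 host name mismatch, 4 certificate expired.
    store=$1; pass=$2; host=$3
    openssl pkcs12 -in "$store" -passin "pass:$pass" -noout 2>/dev/null || return 1
    openssl pkcs12 -in "$store" -passin "pass:$pass" -nocerts -nodes 2>/dev/null |
        grep -q 'PRIVATE KEY' || return 2
    cert=$(openssl pkcs12 -in "$store" -passin "pass:$pass" -nokeys -clcerts 2>/dev/null)
    printf '%s\n' "$cert" | openssl x509 -noout -checkhost "$host" 2>/dev/null |
        grep -q 'does match' || return 3
    printf '%s\n' "$cert" | openssl x509 -noout -checkend 0 >/dev/null 2>&1 || return 4
}

# Usage: make_pkcs12 /tmp/ks portal.example.test "$KS_PASS" &&
#        check_pkcs12 /tmp/ks/portal.p12 "$KS_PASS" portal.example.test
```

Running `check_pkcs12` against a CA-issued key store before the switch catches the common failures (wrong password, missing key, host name mismatch) that would otherwise surface as a portal that fails to start or a browser certificate warning.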