This article assumes that you are not running IBM Http Server with legacy Compass web server, or any other software, using port 443. We are also assuming that a server Administrator is performing these tasks and that person has permission to edit files and create Windows services.

After installing your Compass RESTful Services components on Windows, you may have noticed several things:

  • The REST server is using a self-signed certificate
  • Compass is running on port 8190
  • Compass may not be running as a Windows service

None of this is ideal for a production environment.

To start your Compass server for the first time, open an Administrative command line and navigate to \COMPASS_HOME\compass-rest-server-distribution\bin\ and run start.bat:

The Compass login will then become available at https:\\hostname:8190\

(where hostname is the hostname of the Compass server)

You’ll notice a few things about your new Compass server that we’ll need to change.

When using a self-signed certificate, you’ll be greeted by warnings like this when trying to open Compass:

To change the keystore used by Compass, all you need to do is update the “” file in the configuration for the rest server.

This file is located in the \COMPASS_HOME\compass-rest-server-distribution\config\ directory.

First, make a copy of the original “” file, just in case we need to roll back.

Edit “” with your favorite text editor and note the following section:

Update it to reflect your keystore which contains the certificate from your company’s CA:

Restart your compass services and you’ll see your web browser is much happier about the certificate situation:

The other thing you’ll notice when starting Compass server out of the box, is that it uses port 8190.

Expecting your end users to remember a port is less than ideal.  Let’s change that.  Please note that this change assumes that there is nothing else on this server running on port 443.  If you are using those ports for something like IBM HTTP Server, this isn’t going to work for you because there will be a conflict.

Go back to the

Comment out the original port and add a line for port 443.  This will eliminate the need for your end users to specify a port when accessing HCL Compass:

Restart the Compass server and visit the compass login without a port:

My last tip for you is to run Compass server as a Windows service if you are not already doing so.

Without any other interventions, you’ve been start/stopping the rest server from a Windows command prompt using “start.bat” – That’s problematic in a production environment.

Luckily, it is easy to create a windows service.

Navigate to the “install” directory and just click on “postinstall.bat”

A script will run and soon you will find a windows service:

Now you can restart the service like any other Windows service and should the machine require a reboot, your Compass server will come back up with the machine without extra steps on the part of an administrator.

Have you already done these things?  Do you have more tips for setting up Compass on the server side?  Please share below!

Comment wrap
Further Reading
Secure DevOps | May 25, 2022
Ensure HCL Compass is installed in your machine and have valid credentials to login into repository.
Secure DevOps | May 19, 2022
This article helps to install and setup HCL Compass in your machine which runs on rest server (without WAS)
Secure DevOps | February 25, 2022
HCL Compass Webhooks in Action
This article talks about Webhooks in HCL Compass. Webhooks are nothing but automated data sent from an app when something is triggered. In our case, HCL Compass is the app which sends the Webhook data, which is also called as Payload.
Filters result by