CA Service Management

  • Private Community
 View Only

  • 1.  HTTP to HTTPS

    Posted Oct 26, 2017 09:49 AM

    Hello Team

     

    We need to access our sdm with https. Even user enter with http only, it should redirect automatically to https . For now i dont need to go with certificate generation. just https

     

    pls guide in which file need to edit.

     

    Many thanks.

     

    Jon_Israel



  • 2.  Re: HTTP to HTTPS
    Best Answer

    Posted Oct 26, 2017 10:52 AM

    Hi Aamir,

    You cant really use HTTPS without a certificate as all modern browsers expect a certificate for an HTTPS url, and will usually throw an error if you try to access an HTTPS url that does not have a certificate in place.  It will also break service desk attachments, web services REST and SOAP, as well as the potential to break integrations with service desk.

    Jon



  • 3.  Re: HTTP to HTTPS

    Broadcom Employee
    Posted Oct 26, 2017 11:02 AM

    Hello Aamir,

    Having a certificate is essential for https generation. It is where the encryption and security is sourced.

     

    For the first part of your question, redirecting http to https, can you describe what the end user experience should be? Is there also a friendly URL in play that could be performing a redirect? ie: end user enters http://helpdesk.domain.com/CAisd/pdmweb.exe instead of http://server123456/CAisd/pdmweb.exe

     

    Our existing documentation describes implementing https:

    https://docops.ca.com/ca-service-management/14-1/en/administering/configure-ca-service-desk-manager/managing-servers/how-to-configure-ssl-authentication



  • 4.  Re: HTTP to HTTPS

    Posted Oct 26, 2017 12:55 PM

    HI,

    In addition specially when users was used to go to http, you can add a security constraints in your web xml if you are using tomcat to force an automatic direction to https vs completely disable it with result of page not found for end users that have not updated their favorites.

     

    at the end of your web.xml before the </web-app> tag you will add the below:

     

    <security-constraint>
      <web-resource-collection>
       <web-resource-name>Automatic SLL Forwarding</web-resource-name>
       <url-pattern>/*</url-pattern>
      </web-resource-collection>-->
      <user-data-constraint>
        <transport-guarantee>
       CONFIDENTIAL
        </transport-guarantee>
      </user-data-constraint>
     </security-constraint>

     

    with IIS you do this with the URL rewrite Module (need to be preinstalled in your IIS)

    by adding the below to your web.config file

    <?xml version="1.0" encoding="UTF-8"?>
    <configuration>
       <system.webServer>
         <rewrite>
           <rules>
             <rule name="HTTP/S to HTTPS Redirect" enabled="true" stopProcessing="true">
             <match url="(.*)" />
             <conditions logicalGrouping="MatchAny">
               <add input="{SERVER_PORT_SECURE}" pattern="^0$" />
             </conditions>
             <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="true" />
             </rule>
           </rules>
         </rewrite>
       </system.webServer>
     </configuration>

    This way if user is landing to http they will be transparently redirected to https (assuming that your ssl setup and certs are  well setup as mentioned in post above)

    My 2 cents

    /J