CA Service Management

  • 1.  HTTPS default protocol CA SDM

    Posted Aug 04, 2015 08:16 AM

    I've configured the SSL certificate on CA SDM, but when I type localhost, the IP address or the DNS name, it goes to the HTTP page, not the HTTPS page. How do I configure SDM to make HTTPS the default protocol?



  • 2.  Re: HTTPS default protocol CA SDM

    Posted Aug 04, 2015 08:31 AM

    Hi jmraimundo,

    If you are using IIS, you would have to set IIS to default to HTTPS/SSL - see this article:

    IIS7 : HOW TO force a website to use SSL? - Rakki Muthukumar - Site Home - MSDN Blogs

     

    If you are using Tomcat, you would need to go into the server.xml file and disable the HTTP connector, leaving only the HTTPS connector available.

     

    Hope this helps,

    Thanks,

    Jon I.



  • 3.  Re: HTTPS default protocol CA SDM

    Posted Aug 04, 2015 08:50 AM

    Hi Jon,

     

    I am using Tomcat. I looked at my server.xml configuration and found two lines with a connector:

    <Connector connectionTimeout="20000" port="80" protocol="HTTP/1.1" redirectPort="443"/>

    <Connector SSLEnabled="true" clientAuth="false" keystoreFile="E:\certificado\soalv3pprim02" keystorePass="Stef!2015" maxThreads="150" port="443" protocol="HTTP/1.1" scheme="https" secure="true" sslProtocol="TLS"/>

    I don't think it is any of these lines. What should I do?



  • 4.  Re: HTTPS default protocol CA SDM

    Posted Aug 04, 2015 09:01 AM

    Hi jmraimundo,

     

    You will see the following section in the server.xml:

     

        <!-- Define a SSL HTTP/1.1 Connector on port 8443
             This connector uses the JSSE configuration, when using APR, the
             connector should be using the OpenSSL style configuration
             described in the APR documentation -->
        <!--
        <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
                   maxThreads="150" scheme="https" secure="true"
                   clientAuth="false" sslProtocol="TLS" />
        -->

     

     

    As you can see, this section has the "<!--" flag and the "-->" flag at the start and end, meaning this SSL connector is commented out. You should also see another connector for non-SSL.

     

    What you would do is uncomment the SSL connector, and then comment out the non-SSL connector.

     

    This would force the SSL connector to be the only one available.

     

    Jon



  • 5.  Re: HTTPS default protocol CA SDM
    Best Answer

    Broadcom Employee
    Posted Aug 04, 2015 09:39 AM

    We had a similar discussion in the Communities a couple weeks ago, check it out here:

     

    disabling http and leaving only https

     

    Check out the post I made at the bottom, you can use those instructions to force routing of traffic to the HTTPS port even if a user tries to access the HTTP port.
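
A check for the server.xml changes discussed in posts 4 and 5, as an added example that is not part of any post or of CA SDM: it lists the connectors Tomcat will actually load and flags any that still serve plaintext HTTP. The sample file is constructed from the connectors quoted in post 3 with the keystore attributes left out, and `audit_connectors` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the connectors quoted in the thread
# (keystore attributes omitted); the 8443 connector is commented out.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector connectionTimeout="20000" port="80" protocol="HTTP/1.1" redirectPort="443"/>
    <Connector SSLEnabled="true" clientAuth="false" maxThreads="150" port="443"
               protocol="HTTP/1.1" scheme="https" secure="true" sslProtocol="TLS"/>
    <!--
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true"/>
    -->
  </Service>
</Server>"""


def audit_connectors(server_xml):
    """Return (port, kind, note) for every active <Connector>.

    ElementTree drops XML comments while parsing, so a commented-out
    connector never shows up in the result.
    """
    root = ET.fromstring(server_xml)
    connectors = list(root.iter("Connector"))
    tls_ports = {c.get("port") for c in connectors
                 if c.get("SSLEnabled", "false").lower() == "true"}
    findings = []
    for c in connectors:
        port = c.get("port")
        if port in tls_ports:
            findings.append((port, "tls", "ok"))
        elif c.get("protocol", "HTTP/1.1").upper().startswith("AJP"):
            findings.append((port, "ajp", "not an HTTP listener"))
        else:
            # Tomcat uses redirectPort (default 443) only when the web
            # application's security-constraint requires SSL transport.
            redirect = c.get("redirectPort", "443")
            if redirect in tls_ports:
                note = "redirects to %s only for resources marked CONFIDENTIAL" % redirect
            else:
                note = "redirectPort %s has no active TLS connector" % redirect
            findings.append((port, "plaintext", note))
    return findings


if __name__ == "__main__":
    for port, kind, note in audit_connectors(SAMPLE_SERVER_XML):
        print(port, kind, note)
```

An empty list of `plaintext` findings means HTTPS is the only way in; a `plaintext` finding with a valid redirect still answers over HTTP unless the application's web.xml requires confidential transport.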



  • 6.  Re: HTTPS default protocol CA SDM

    Posted Aug 04, 2015 07:04 PM

    Hi Alex,

     

    It worked!

    Thank you so much for your help!



  • 7.  Re: HTTPS default protocol CA SDM

    Posted Aug 05, 2015 10:01 AM

    Thanks for sharing this.