

Configure HTTPS to Override HTTP

You can manually configure CA CSM to always use HTTPS instead of HTTP for user access.

Follow these steps:

  1. Verify that you can access CA CSM using both HTTP (see HTTP Proxy Server with NTLM Authentication and Configuring HTTP Proxy Settings) and HTTPS.
  2. Shut down Apache Tomcat.
  3. Configure Apache Tomcat in the web.xml file:
    1. In the tomcat/conf directory, open the web.xml file.
    2. Add the following XML under the web-app tag:
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>Protected Context</web-resource-name>
          <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <!-- auth-constraint goes here if you require authentication -->
        <user-data-constraint>
          <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
      </security-constraint>
      
    3. Save and close the web.xml file.
  4. Configure Apache Tomcat in the server.xml file:
    1. In the tomcat/conf directory, open the server.xml file.
    2. Locate the Connector XML definition that contains the HTTP port number that Apache Tomcat runs on.
    3. Add the redirectPort attribute to the Connector XML tag, or change it if it is already present. Set its value to the port number of the HTTPS Connector. For example:
      <!-- A "Connector" represents an endpoint by which requests are received
           and responses are returned. Documentation at:
           Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
           Java AJP  Connector: /docs/config/ajp.html
           APR (HTTP/AJP) Connector: /docs/apr.html
           Define a non-SSL HTTP/1.1 Connector on port 8080
      -->
      <Connector address="123.456.789.321" port="8080"
                 protocol="HTTP/1.1"
                 connectionTimeout="20000"
                 redirectPort="30308" />
      
    4. Save and close the server.xml file.
  5. Start Apache Tomcat.
  6. Restart your browser.
  7. Access the HTTP URL, and verify that it redirects to the HTTPS URL instead.

Note: For more information, see the documentation for the Apache Tomcat 7.0 Servlet/JSP Container.
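
The following added example (not part of the original CA CSM documentation) checks offline that the edits from steps 3 and 4 agree: web.xml requires CONFIDENTIAL transport for /*, and each plain-HTTP Connector's redirectPort names the port of a Connector with SSLEnabled="true". The sample XML, including the HTTPS Connector definition, and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples mirroring steps 3 and 4; the HTTPS Connector is assumed.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Protected Context</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="30308"/>
  <Connector port="30308" protocol="HTTP/1.1" SSLEnabled="true"
             scheme="https" secure="true"/>
</Service></Server>"""

def _named(root, name):
    # Match on the local tag name so a namespaced web.xml parses the same way.
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def _texts(node, name):
    return {(e.text or "").strip() for e in _named(node, name)}

def _is_tls(conn):
    return conn.get("SSLEnabled", "").lower() == "true"

def web_xml_forces_https(text):
    """True if a security-constraint covers /* with a CONFIDENTIAL guarantee."""
    return any("/*" in _texts(sc, "url-pattern")
               and "CONFIDENTIAL" in _texts(sc, "transport-guarantee")
               for sc in _named(ET.fromstring(text), "security-constraint"))

def redirect_problems(text):
    """(port, redirectPort) of each plain-HTTP Connector not wired to a TLS port."""
    conns = _named(ET.fromstring(text), "Connector")  # commented-out ones are skipped
    tls_ports = {c.get("port") for c in conns if _is_tls(c)}
    return [(c.get("port"), c.get("redirectPort")) for c in conns
            if not _is_tls(c)
            and not c.get("protocol", "").upper().startswith("AJP")  # HTTP only
            and c.get("redirectPort") not in tls_ports]

if __name__ == "__main__":
    print("web.xml forces HTTPS:", web_xml_forces_https(WEB_XML))
    print("server.xml problems:", redirect_problems(SERVER_XML))
```

An empty list from redirect_problems means every HTTP Connector redirects to an enabled TLS port; a Connector whose HTTPS counterpart is still commented out in server.xml is reported, because the parser ignores XML comments.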