Forcing connections to use SSL

The following articles will walk through how to configure Cascade Server to run over SSL:

Linux/*nix SSL configuration

Windows SSL configuration

Once the SSL connector has been enabled per those instructions, users can still access the application over unencrypted HTTP through the default port 8080. There are two options for preventing this:

  1. Comment out the HTTP/1.1 Connector in tomcat/conf/server.xml (thus leaving only the SSL/TLS Connector).
  2. Force Tomcat to use SSL. To do this:
    • Edit the file tomcat/conf/web.xml
    • Add a <security-constraint> element just before the closing </web-app> element. For example:
<!-- Force SSL for entire site -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Cascade Server</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
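
To confirm that one of the two options is actually in effect, the following added example (not Cascade Server or Tomcat code) parses server.xml and web.xml with Python's standard library. The function names and the sample XML are constructed for illustration, and it assumes the SSL connector is marked with SSLEnabled="true".

```python
import xml.etree.ElementTree as ET

def _local(tag):
    """Drop the namespace part of an ElementTree tag ('{ns}name' -> 'name')."""
    return tag.rsplit("}", 1)[-1]

def _texts(root, name):
    """Stripped text of every descendant element called `name`."""
    return [(e.text or "").strip() for e in root.iter() if _local(e.tag) == name]

def plain_http_ports(server_xml):
    """Ports of active (not commented-out) connectors that serve plain HTTP."""
    ports = []
    for c in ET.fromstring(server_xml).iter("Connector"):
        is_ajp = "ajp" in c.get("protocol", "HTTP/1.1").lower()
        is_tls = c.get("SSLEnabled", "false").lower() == "true"  # assumption
        if not is_ajp and not is_tls:
            ports.append(c.get("port"))
    return ports

def forces_ssl(web_xml):
    """True if a constraint maps /* to CONFIDENTIAL for every HTTP method."""
    for sc in ET.fromstring(web_xml).iter():
        if _local(sc.tag) != "security-constraint":
            continue
        # A constraint that lists methods covers only part of the traffic.
        partial = _texts(sc, "http-method") or _texts(sc, "http-method-omission")
        if ("/*" in _texts(sc, "url-pattern") and not partial
                and "CONFIDENTIAL" in _texts(sc, "transport-guarantee")):
            return True
    return False

def ssl_enforced(server_xml, web_xml):
    """Option 1 (no plain HTTP connector) or option 2 (constraint) is in effect."""
    return not plain_http_ports(server_xml) or forces_ssl(web_xml)

# Constructed sample files, not taken from a real installation.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <!-- <Connector port="8081" protocol="HTTP/1.1"/> -->
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true"/>
</Service></Server>"""
WEB_XML_BEFORE = '<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"></web-app>'
WEB_XML_AFTER = WEB_XML_BEFORE.replace("</web-app>", """<security-constraint>
  <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
  <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
</security-constraint></web-app>""")

if __name__ == "__main__":
    print("plain HTTP ports:", plain_http_ports(SERVER_XML))
    print("enforced before edit:", ssl_enforced(SERVER_XML, WEB_XML_BEFORE))
    print("enforced after edit:", ssl_enforced(SERVER_XML, WEB_XML_AFTER))
```

A commented-out connector is skipped because the XML parser discards comments, so option 1 is detected the same way as a deleted connector.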

More information on configuring SSL can be found at the Apache Tomcat web site.