Forcing connections to use SSL

The following articles will walk through how to configure Cascade Server to run over SSL:

Linux/*nix SSL configuration

Windows SSL configuration

Once the SSL connector has been enabled per those instructions, users can still access the application through the default port 8080. There are 2 options for preventing this from occurring:

  1. Comment out the HTTP/1.1 Connector in tomcat/conf/server.xml (thus leaving only the SSL/TLS Connector).
  2. Force Tomcat over SSL. To do this:
    • Edit the file tomcat/conf/web.xml
    • Add a <security-constraint> element just before the closing </web-app> element. For example:
<!-- Force SSL for entire site -->
         <web-resource-name>Cascade Server</web-resource-name>    

More information on configuring SSL can be found at the Apache Tomcat web site.