Forcing connections to use SSL
The following articles will walk through how to configure Cascade Server to run over SSL:
Once the SSL connector has been enabled per those instructions, users can still access the application through the default port 8080. There are 2 options for preventing this from occurring:
- Comment out the HTTP/1.1 Connector in
tomcat/conf/server.xml (thus leaving only the SSL/TLS
Connector).
- Force Tomcat over SSL. To do this:
- Edit the file tomcat/conf/web.xml
- Add a
<security-constraint>
element just before the closing</web-app>
element. For example:
<!-- Force SSL for entire site -->
<security-constraint>
<web-resource-collection>
<web-resource-name>Cascade Server</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
More information on configuring SSL can be found at the Apache Tomcat web site.