Configuring Tomcat to redirect all HTTP requests to HTTPS
To force the Web server redirect all calls to a secure connection:
- Use a self-signed certificate or a certificate generated by a Certificate Authority
(CA).
InfoPrint Manager Web server already provides a sample self-signed certificate. The certificate must be signed by the trusted third party so that it can work in the visitors browsers without warnings. To obtain a signed certificate, choose a CA and follow its instruction.
- Install and configure the Web server so that you can use your certificate. For more
information, see Enabling Secure Sockets Layer (SSL) in the Web Server for HTTPS protocol
. To use the sample certificate, enable the SSL connector in
/usr/lpp/pd/ipmws/conf/server.xmlfile. - Go to
/usr/lpp/pd/ipmws/conf/web.xmlfile, scroll to the bottom of the file and add the following just above the</web-app>entry:<!-- Force HTTPS, required for HTTP redirect! --> <security-constraint> <web-resource-collection> <web-resource-name>Protected Context</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <!-- auth-constraint goes here if you require authentication --> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint>
- Save the web.xml file and restart the web server from Smit for these changes to take effect.
- Note:
- If you have multiple web servers running, make sure that they all use the same HTTP or HTTPS protocol.