Configuring Tomcat to redirect all HTTP requests to HTTPS

To force the Web server redirect all calls to a secure connection:

  1. Use a self-signed certificate or a certificate generated by a Certificate Authority (CA).

    InfoPrint Manager Web server already provides a sample self-signed certificate. The certificate must be signed by the trusted third party so that it can work in the visitors browsers without warnings. To obtain a signed certificate, choose a CA and follow its instruction.

  2. Install and configure the Web server so that you can use your certificate. For more information, see Enabling Secure Sockets Layer (SSL) in the Web Server for HTTPS protocol. To use the sample certificate, enable the SSL connector in /usr/lpp/pd/ipmws/conf/server.xml file.
  3. Go to /usr/lpp/pd/ipmws/conf/web.xml file, scroll to the bottom of the file and add the following just above the </web-app> entry:
    <!-- Force HTTPS, required for HTTP redirect! -->
    <security-constraint>
    <web-resource-collection>
    <web-resource-name>Protected Context</web-resource-name>
    <url-pattern>/*</url-pattern>
    </web-resource-collection>
    
    <!-- auth-constraint goes here if you require authentication -->
    <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
    </security-constraint>
    
  4. Save the web.xml file and restart the web server from Smit for these changes to take effect.
    Note:
  • If you have multiple web servers running, make sure that they all use the same HTTP or HTTPS protocol.