-
Since HTTP connections are no longer supported, it is mandatory to configure HTTPS.
-
To support HTTPS (HTTP over Secure Sockets Layer (SSL)) connections, you need a valid web-server certificate for your domain/server.
For example, if your server should be available at: https://smatweb.yourdomain.com:8080/apex..., a valid certificate must be created for smatweb.yourdomain.com by your IT department. Alternatively, you can use a wildcard certificate, for example, *.yourdomain.com.
Hexagon cannot provide an https certificate for your domain.
-
Locate your Tomcat’s server configuration file at
$Tomcat\conf\server.xml
-
Add a connector element to support HTTPS connections (replace ##PathToYourKeystoreCertificateFile## with the certificate file path and ##YourKeystorePassword## with the password):
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
For Tomcat 9.x, insert this:
<Connector port="8443" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keystoreFile="##PathToYourKeystoreCertificateFile##" keystorePass="##YourKeystorePassword##" />
For Tomcat 10.x, insert this:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
        <Certificate certificateKeystoreFile="##PathToYourKeystoreCertificateFile##.pfx"
                     type="RSA"
                     certificateKeystorePassword="##YourKeystorePassword##" />
    </SSLHostConfig>
</Connector>
Port 8080 is used to reach your Tomcat server and is redirected to port 8443 for the Tomcat HTTPS connection. Result: calling http://yourServerIp:8080 redirects to https://yourServerIp:8443.
-
Locate your Tomcat’s Deployment Descriptor file at
$Tomcat\webapps\ords\WEB-INF\web.xml
The ords segment in the path above depends on how your ORDS web service is configured.
-
Add before '</web-app>':
<!-- Require HTTPS for every URL of the application. -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>HTTPSOnly</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
-
To ensure that HTTP is redirected to HTTPS when both connectors are specified in server.xml (Tomcat conf), add this after the last </servlet-mapping>:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Entire Application</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
-
Restart Tomcat to activate changes.
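A way to confirm the two edited files agree with each other, as an added example that is not part of the original instructions or of Hexagon's tooling: the Python checks below verify that every non-TLS connector's redirectPort points at a connector with SSLEnabled="true", and that web.xml carries a /* constraint with transport-guarantee CONFIDENTIAL. The sample files are constructed from the snippets above, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample files mirroring the snippets above (placeholders kept as-is).
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
      <Certificate certificateKeystoreFile="##PathToYourKeystoreCertificateFile##.pfx"
                   type="RSA" certificateKeystorePassword="##YourKeystorePassword##" />
    </SSLHostConfig>
  </Connector>
</Service></Server>"""
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
</web-app>"""

def local(tag):
    """Drop the XML namespace so web.xml matches with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def is_tls(conn):
    return conn.get("SSLEnabled", "").lower() == "true"

def check_server_xml(text):
    """Findings for plain connectors whose redirectPort is not a TLS connector."""
    conns = list(ET.fromstring(text).iter("Connector"))
    tls_ports = {c.get("port") for c in conns if is_tls(c)}
    findings = [] if tls_ports else ['no Connector with SSLEnabled="true"']
    for c in (c for c in conns if not is_tls(c)):
        target = c.get("redirectPort", "443")  # Tomcat's default redirectPort
        if target not in tls_ports:
            findings.append(f"port {c.get('port')}: redirectPort {target} has no TLS connector")
    return findings

def check_web_xml(text):
    """Findings unless a /* constraint demands CONFIDENTIAL transport."""
    for sc in ET.fromstring(text).iter():
        if local(sc.tag) != "security-constraint":
            continue
        texts = {}
        for e in sc.iter():
            texts.setdefault(local(e.tag), set()).add((e.text or "").strip())
        if "/*" in texts.get("url-pattern", ()) and "CONFIDENTIAL" in texts.get("transport-guarantee", ()):
            return []
    return ["no /* security-constraint with transport-guarantee CONFIDENTIAL"]
```

To check a real installation, pass the contents of your own server.xml and web.xml to the two functions; an empty list means the check passed.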