Configure HTTPS for Tomcat to enable SSL Encryption - Version 2020 (10.0) - Hexagon

Smart Materials Web Installation (10.2)

  1. Because HTTP connections are no longer supported, configuring HTTPS is mandatory.

  2. To support HTTPS (HTTP over Secure Sockets Layer (SSL)) connections, you need a valid web-server certificate for your domain/server.

    For example, if your server should be available at: https://smatweb.yourdomain.com:8080/apex..., a valid certificate must be created for smatweb.yourdomain.com by your IT department. Alternatively, you can use a wildcard certificate, for example, *.yourdomain.com.

    Hexagon cannot provide an https certificate for your domain.

  3. Locate your Tomcat’s server configuration file at

    $Tomcat\conf\server.xml

  4. Add a connector element to support HTTPS connections (replace ##PathToYourKeystoreCertificateFile## with the certificate file path and ##YourKeystorePassword## with the password):

    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />

    For Tomcat 9.x, insert this:

    <Connector port="8443" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS" keystoreFile="##PathToYourKeystoreCertificateFile##" keystorePass="##YourKeystorePassword##" />

    For Tomcat 10.x, insert this:

    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true">
      <SSLHostConfig>
        <Certificate certificateKeystoreFile="##PathToYourKeystoreCertificateFile##.pfx"
                     type="RSA"
                     certificateKeystorePassword="##YourKeystorePassword##" />
      </SSLHostConfig>
    </Connector>

    Port 8080 is used to reach your Tomcat server and is redirected to port 8443 for the Tomcat HTTPS connection. Result: calling http://yourServerIp:8080 would redirect to https://yourServerIp:8443.

  5. Locate your Tomcat’s Deployment Descriptor file at

    $Tomcat\webapps\ords\WEB-INF\web.xml

    The ords folder name in the path above depends on how your ORDS web service is configured.

  6. Add before '</web-app>':

    <!-- Require HTTPS for all URLs (/*). -->
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>HTTPSOnly</web-resource-name>
        <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
    </security-constraint>

  7. To ensure that HTTP is redirected to HTTPS when both connectors are specified in server.xml (Tomcat conf), add this after the last </servlet-mapping>:

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>Entire Application</web-resource-name>
        <url-pattern>/*</url-pattern>
      </web-resource-collection>
      <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
    </security-constraint>

  8. Restart Tomcat to activate changes.
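A pre-restart check for the edits in steps 4 to 7, as an added example that is not part of the original Hexagon documentation: it parses server.xml and web.xml text and reports a plain-HTTP connector whose redirectPort does not point at a TLS connector, or a web.xml that lacks a CONFIDENTIAL constraint for /*. The function names and the sample XML are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

def _local(tag):
    # web.xml normally declares a default namespace; compare local names only.
    return tag.rsplit("}", 1)[-1]

def _is_tls(conn):
    return (conn.get("SSLEnabled") or "").lower() == "true"

def audit_server_xml(text):
    """Return findings for the <Connector> elements of a server.xml document."""
    conns = list(ET.fromstring(text).iter("Connector"))
    tls_ports = {c.get("port") for c in conns if _is_tls(c)}
    findings = [] if tls_ports else ['no connector with SSLEnabled="true"']
    for c in conns:
        if _is_tls(c) or (c.get("protocol") or "").startswith("AJP"):
            continue  # only plain-HTTP connectors need a redirect target
        if c.get("redirectPort") not in tls_ports:
            findings.append(f"port {c.get('port')}: redirectPort "
                            f"{c.get('redirectPort')} is not a TLS connector")
    return findings

def audit_web_xml(text):
    """Return [] if a security-constraint requires CONFIDENTIAL for /*."""
    for sc in ET.fromstring(text).iter():
        if _local(sc.tag) != "security-constraint":
            continue
        found = {(_local(e.tag), (e.text or "").strip()) for e in sc.iter()}
        if {("url-pattern", "/*"),
                ("transport-guarantee", "CONFIDENTIAL")} <= found:
            return []
    return ["no security-constraint requires CONFIDENTIAL for /*"]

# Constructed sample inputs (not real configuration files).
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  <Connector port="8443" SSLEnabled="true"
             protocol="org.apache.coyote.http11.Http11NioProtocol">
    <SSLHostConfig><Certificate type="RSA" /></SSLHostConfig>
  </Connector>
</Service></Server>"""
SAMPLE_WEB_XML = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee">
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""
```

Pass the contents of your own server.xml and web.xml to the two functions; an empty list from each means the redirect and the HTTPS requirement are both in place.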