Skip to main content
We have enabled SSL on our sysaid server, as we are planning to open the server up to networks outside of our company network. This way we can use the mobile app and push notifications.



But before we open the server, we want to force the usage of HTTPS, so only secure connections are allowed.



Our http port is 9090 and our https port is 8443.



Current situation in the server.xml file is:



<Connector port="9090" URIEncoding="UTF-8" redirectPort="8443" connectionTimeout="20000" protocol="HTTP/1.1"/>



<!-- A "Connector" using the shared thread pool-->





<!--<Connector executor="tomcatThreadPool"port="9090" protocol="HTTP/1.1"connectionTimeout="20000"redirectPort="8443" /> -->





<!-- Define a SSL HTTP/1.1 Connector on port 8443This connector uses the BIO implementation that requires the JSSEstyle configuration. When using the APR/native implementation, theOpenSSL style configuration is required as described in the APR/nativedocumentation -->





<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" keystorePass="A0zPmlksfd1234879*(" keystoreType="PKCS12" keystoreFile="C:\Program Files\SysAidServer\martens-wildcard.pfx" sslProtocol="TLS" clientAuth="false" secure="true" scheme="https" SSLEnabled="true" maxThreads="150"/>



<!-- Define an AJP 1.3 Connector on port 8009 -->





<Connector port="8009" redirectPort="8443" protocol="AJP/1.3"/>




What should I change to this piece of code so HTTP doesn't work and automatically redirects to https?



Thanks in advance!
Did you get any feedback, we are also struggling with the same.
In order to setup SSL redirection, please edit the file ...\SysAidServer\tomcat\conf\web.xml and add the following lines before the </web-app> line (break a new line above it):

<security-constraint>

<web-resource-collection>

<web-resource-name>Security page</web-resource-name>

<url-pattern>/*</url-pattern>

<http-method>GET</http-method>

<http-method>POST</http-method>

</web-resource-collection>

<user-data-constraint>

<transport-guarantee>CONFIDENTIAL</transport-guarantee>

</user-data-constraint>

</security-constraint>





*** If you want your assets to report in http and not in https please use the following instead:



<security-constraint>

<web-resource-collection>

<web-resource-name>Security page</web-resource-name>

<url-pattern>/Login.jsp</url-pattern>

<http-method>GET</http-method>

<http-method>POST</http-method>

</web-resource-collection>

<user-data-constraint>

<transport-guarantee>CONFIDENTIAL</transport-guarantee>

</user-data-constraint>

</security-constraint>







Note: This file may be overwritten on future upgrades, so keep a copy of the file once you have it setup correctly.
I have tried this from the knowledge base (https://helpdesk.sysaid.com/KBFAQTree.jsp?menuFlag=ssp¬AddingIndexJSP=true#346) but I couldn't get it to work.

Reply