SSL for MashZone NextGen is configured in the application server that hosts the MashZone NextGen Server. These instructions cover the basic steps for configuring SSL in Tomcat. For detailed information, see the Tomcat documentation or the documentation for your application server.
Procedure
Warning
We recommend that you do not use TLSv1.0 in your production environments, as TLSv1.0 is considered unsafe for network communication.
To disable TLSv1.0, you can add the sslEnabledProtocols and sslProtocol parameters to the server.xml file. These parameters limit the protocols that the connector supports. For details, see the Tomcat documentation.
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Nio2Protocol"
           SSLEnabled="true" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="true" sslProtocol="TLS" keystoreFile="conf/tomcat.jks"
           keystorePass="keystrpwd" truststoreFile="conf/tomcat.jks"
           truststorePass="truststrpwd" />
This example uses the default Tomcat port, 8443, and mutual SSL, based on the clientAuth value. If this were a one-way connection, you would set clientAuth to false. This example also uses the default Tomcat certificate store, conf/tomcat.jks, as both the key store and the trust store. See the Tomcat documentation for information on other properties.
Open the web.xml file located in <MashZone NextGen installation>/apache-tomcat/webapps/mashzone/WEB-INF/ in a text editor.
Find the session-config/cookie-config/secure element and change the value to true.
Example
<session-config>
    <session-timeout>30</session-timeout>
    <!-- Set the "secure" flag to true when using HTTPS for enhanced security -->
    <cookie-config>
        <secure>false</secure>
    </cookie-config>
</session-config>
Once this is set to true, the session cookie is sent only over HTTPS connections, so only HTTPS access will be allowed.
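The following check is an added example, not part of the MashZone NextGen or Tomcat distribution: it reads server.xml and web.xml text and reports SSL connectors that do not exclude TLSv1.0 and a session cookie whose secure flag is not true. The sample XML, port 9443, the TLSv1.2 value and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Protocol names treated as weak here (assumption of this example; the page names TLSv1.0).
WEAK = {"SSLV2HELLO", "SSLV3", "TLSV1", "TLSV1.0"}

def local(tag):
    """Element name without an XML namespace prefix (web.xml is usually namespaced)."""
    return tag.rsplit("}", 1)[-1]

def audit_connectors(server_xml):
    """Return findings for SSL-enabled <Connector> elements in server.xml text."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP or AJP connector
        port = conn.get("port", "?")
        enabled = conn.get("sslEnabledProtocols")
        if enabled is None:
            findings.append(f"port {port}: sslEnabledProtocols not set, TLSv1.0 not excluded")
            continue
        weak = [p.strip() for p in enabled.split(",") if p.strip().upper() in WEAK]
        if weak:
            findings.append(f"port {port}: weak protocols enabled: {', '.join(weak)}")
    return findings

def audit_cookie(web_xml):
    """Return a finding unless session-config/cookie-config/secure is true."""
    for cc in ET.fromstring(web_xml).iter():
        if local(cc.tag) != "cookie-config":
            continue
        for child in cc:
            if local(child.tag) == "secure" and (child.text or "").strip().lower() == "true":
                return []
    return ["web.xml: cookie-config/secure is not true"]

# Constructed samples: the first connector mirrors the page's example, the second
# adds sslEnabledProtocols; the web.xml fragment has the flag still set to false.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true" sslProtocol="TLS"/>
  <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"
             sslProtocol="TLS" sslEnabledProtocols="TLSv1.2"/>
  <Connector port="8080" protocol="HTTP/1.1"/>
</Service></Server>"""
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"><session-config>
  <session-timeout>30</session-timeout>
  <cookie-config><secure>false</secure></cookie-config>
</session-config></web-app>"""

if __name__ == "__main__":
    for line in audit_connectors(SERVER_XML) + audit_cookie(WEB_XML):
        print(line)
```

To check a real installation, pass the contents of the two files to the functions in place of the constructed samples.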