BigMemory Go 4.3.4 | Product Documentation | Terracotta Management Console User Guide | Setting up Security | Forcing SSL Connections For TMC Clients
Forcing SSL Connections For TMC Clients
If the TMC is deployed with the provided Jetty web server, web browsers connecting to the TMC can use an unsecured connection (via HTTP port 9889). A secure SSL-based connection is also available using HTTPS port 9443.
To force all web browsers to connect using SSL, disable the non-secure connector by commenting it out in /management-console/etc/jetty.xml (located in the BigMemory kit):
<!-- DISABLED non-secure connector
<Call name="addConnector">
<New class="org.eclipse.jetty.server.nio.SelectChannelConnector">
<Set name="host"><Property name="" /></Set>
<Set name="port"><Property name="jetty.port" default="9889"/></Set>
<Set name="forwarded">true</Set>
<Set name="maxIdleTime">300000</Set>
<Set name="Acceptors">2</Set>
<Set name="statsOn">false</Set>
<Set name="confidentialPort">8443</Set>
<Set name="lowResourcesConnections">20000</Set>
<Set name="lowResourcesMaxIdleTime">5000</Set>
If the TMC WAR is deployed with a different container, make the equivalent changes appropriate to that container.
About the Default Keystore
By default, the built-in Jetty container's configuration file (management-console/etc/jetty.xml) uses a JKS identity store, located in the same directory. This keystore contains a self-signed certificate (not signed by a certificate authority). If you intend to use this "untrusted" certificate, all SSL browser connections must recognize this certificate and register it as an exception for future connections. This is usually done at the time the browser first connects to the TMS.

Copyright © 2010 - 2019 | Software AG, Darmstadt, Germany and/or Software AG USA, Inc., Reston, VA, USA, and/or its subsidiaries and/or its affiliates and/or their licensors.
Innovation Release