Forcing SSL Connections For TMC Clients
If the TMC is deployed with the provided Jetty web server, web browsers connecting to the TMC can use an unsecured connection (via HTTP port 9889). A secure SSL-based connection is also available using HTTPS port 9443.
To force all web browsers to connect using SSL, disable the non-secure connector by commenting it out in /management-console/start.d/http.ini (located in the BigMemory kit):
#### Connector port to listen on
# jetty.http.port=9889
If the TMC WAR is deployed with a different container, make the equivalent changes appropriate to that container.
About the Default Keystore
By default, the built-in Jetty container's configuration file (management-console/etc/custom-jetty-ssl.xml ) uses a JKS identity store, located in the same directory. This keystore contains a self-signed certificate (not signed by a certificate authority). If you intend to use this "untrusted" certificate, all SSL browser connections must recognize this certificate and register it as an exception for future connections. This is usually done at the time the browser first connects to the TMS.