
            How can I ensure that my HTTPS connection to AppManager is secure?

            By default, we do not restrict HTTPS access based on protocols or ciphers. To restrict HTTPS access to a specific protocol and set of ciphers, perform the following steps:

            1. Navigate to 'AppManager_Home\working\conf'. Take a backup copy of the 'wrapper.conf' file present here and make the following change:

                i. Search for the key '-Dhttps.protocol' and set the value to 'TLSv1.2', i.e.,

                    wrapper.java.additional.24=-Dhttps.protocol=TLSv1.2

                 If this entry is not present, add it on the line below the 'wrapper.java.additional.23' entry.

            For APM Plugin users, this change has to be made in the startApplicationsManager.bat file instead. Search for 'start /B' and add '-Dhttps.protocol=TLSv1.2' immediately after the classpath.

                    start /B %JAVA_HOME%\bin\javaw -cp %CLASSPATH% -Dhttps.protocol=TLSv1.2...

            2. Navigate to 'AppManager_Home\working\apache\tomcat\conf\backup'. Take a backup copy of the 'server.xml' file present here and do the following:

                i. Search for the phrase 'Connector port="SSL_PORT" '.
                ii. In the Connector tag, make the following changes:

                    a. Search for the parameter 'sslEnabledProtocols' and change the value to 'TLSv1.2' to support TLSv1.2 alone. If this parameter is not present, add it.
                    b. Search for the parameter 'sslProtocol' and change the value to 'TLSv1.2'. If this parameter is not present, add it.
                    c. Add a new parameter called 'ciphers' and set the value to 'TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA'.

                Sample connector code:

                    <Connector port="SSL_PORT" className="org.apache.coyote.http11.Http11NioProtocol"
                               maxThreads="200" minSpareThreads="25" enableLookups="false" disableUploadTimeout="true"
                               keystoreFile="KEYSTORE_FILE" keystorePass="appmanager"
                               truststoreFile="KEYSTORE_FILE" truststorePass="appmanager"
                               acceptCount="150" scheme="https" secure="true" clientAuth="false"
                               sslProtocol="TLSv1.2" sslEnabledProtocols="TLSv1.2"
                               ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"
                               redirectPort="WEBSERVER_PORT" SSLEnabled="true" protocol="org.apache.coyote.http11.Http11NioProtocol"
                               useBodyEncodingForURI="true" URIEncoding="UTF-8"
                               compression="on" compressionMinSize="2048" noCompressionUserAgents="gozilla, traviata"
                               compressableMimeType="text/html,text/xml,text/javascript,text/css,application/x-javascript,application/javascript">


            3. Save and restart the APM instance.
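
To confirm that step 2 was applied to every HTTPS connector, the edited file can be checked offline. The following is an added example, not code from the product or the original article: the function name `audit_server_xml`, the sample ports and the sample XML are assumptions made for illustration, and the expected protocol and cipher values are the ones given in step 2.

```python
import xml.etree.ElementTree as ET

# Values taken from steps 2.ii.a-c of the article.
REQUIRED_PROTOCOL = "TLSv1.2"
ALLOWED_CIPHERS = {"TLS_RSA_WITH_AES_128_CBC_SHA",
                   "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}

def _items(value):
    """Split a comma-separated attribute value into a set of trimmed names."""
    return {v.strip() for v in value.split(",") if v.strip()}

def audit_server_xml(xml_text):
    """Return findings for every SSL-enabled <Connector> in a server.xml."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, outside the scope of these steps
        port = conn.get("port", "?")
        for attr in ("sslEnabledProtocols", "sslProtocol"):
            value = conn.get(attr)
            if value is None:
                findings.append(f"port {port}: {attr} is not set")
            elif _items(value) != {REQUIRED_PROTOCOL}:
                findings.append(
                    f"port {port}: {attr}={value!r}, expected {REQUIRED_PROTOCOL}")
        ciphers = conn.get("ciphers")
        if ciphers is None:
            findings.append(f"port {port}: ciphers is not set")
        else:
            for name in sorted(_items(ciphers) - ALLOWED_CIPHERS):
                findings.append(f"port {port}: unexpected cipher {name}")
    return findings

# Constructed sample input (not a real AppManager file): one HTTP connector,
# one HTTPS connector before the change and one after it.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="9090" protocol="HTTP/1.1"/>
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
             sslProtocol="TLS" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"/>
  <Connector port="8444" SSLEnabled="true" scheme="https" secure="true"
             sslProtocol="TLSv1.2" sslEnabledProtocols="TLSv1.2"
             ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"/>
</Service></Server>"""

if __name__ == "__main__":
    for line in audit_server_xml(SAMPLE):
        print(line)
```

An empty result means every SSL-enabled connector in the file matches the values from step 2; the check reads the configuration only and does not replace testing the running service after the restart.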

            Updated: 02 Jan 2019 05:17 AM