HTTPS-Implementing SSL on AHP Server

These are the correct instructions for converting a non-ssl 3.8.x server over to a server that uses SSL.

1. Navigate to the %SERVER_HOME%\opt\tomcat\conf

• Notice the server.xml file, server-http.xml and server-https.xml
• If you open any of these, you will see they get their values from conf\server\installed.properties... example: Connector port="${install.server.web.port}address="${install.server.web.ip}"

2. Do a diff of the server-http.xml and server.xml (they should be the same, if not not stop or make a copy of server.xml first or stop doing this)

3. Copy server-http.xml to server.xml

4. Navigate to the %SERVER_HOME%\conf\server directory and edit the installed.properties file

• Change this line: install.server.web.always.secure=N to install.server.web.always.secure=Y
• Add this line: install.server.web.https.port=8443
• Verify this line exists, if not add it: install.server.web.https.protocol=TLS

5. Navigate to the %SERVER_HOME%\opt\tomcat\webapps\ROOT\WEB-INF directory

6. Edit the web.xml file by uncommenting

 <!--@@SECURE_START@@  and @@SECURE_END@@ --> 

to look like below:

 <!-- @@SECURE_START@@ -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Tools</web-resource-name>
      <url-pattern>/tools/*</url-pattern>
    </web-resource-collection>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Automatic SSL Forwarding</web-resource-name>
      <url-pattern>/*</url-pattern>
   </web-resource-collection>
   <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
   </user-data-constraint>
  </security-constraint>
  <!-- @@SECURE_END@@ --> 

7. Start up the AHP server and navigate to System -> Server Settings and modify the External URL to use HTTPS (example: https://localhost:8443/)