WebSphere Application Server & Liberty

 View Only
  • 1.  Enforce HTTPS on Web Application

    Posted Tue March 15, 2022 11:58 AM
    I'm having issues in enforcing https on a vendor provided web application.  We have added TLS and a new certificate on our WebSphere v7 stand alone setup. I assumed this would enforce https on any applications imported.  The Admin Console is showing up as https and with the new cert. Do we have to update the war on WebSphere?  Also, can the application override ssl via a property setting?

    Cesar

    ------------------------------
    Cesar Garcia
    ------------------------------


  • 2.  RE: Enforce HTTPS on Web Application

    Posted Tue March 15, 2022 12:25 PM

    Hi Cesar,

    If you have the ability or know the developer of the application... what needs done is to put CONFIDENTIAL in the web.xml of the application like this

    <transport-guarantee>CONFIDENTIAL</transport-guarantee>

    See this questions asked here and their response if you need more details...

    https://www.ibm.com/mysupport/s/question/0D50z00005phqMZCAY/how-to-restrict-an-application-deployed-on-websphere-application-server-to-be-accesed-just-through-https?language=en_US



    ------------------------------
    Bill Holtzhauser
    ------------------------------



  • 3.  RE: Enforce HTTPS on Web Application

    Posted Tue March 15, 2022 05:26 PM
    Hello Bill,

    Thanks for the link and I'll take a look at it.  I was getting some pushback from vendor so just wanted to make sure I wasn't going down the wrong lane.  

    Cesar

    ------------------------------
    Cesar Garcia
    ------------------------------