Hello Bill,
Thanks for the link and I'll take a look at it. I was getting some pushback from vendor so just wanted to make sure I wasn't going down the wrong lane.
Cesar
------------------------------
Cesar Garcia
------------------------------
Original Message:
Sent: Tue March 15, 2022 12:25 PM
From: Bill Holtzhauser
Subject: Enforce HTTPS on Web Application
Hi Cesar,
If you have the ability or know the developer of the application... what needs done is to put CONFIDENTIAL in the web.xml of the application like this
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
See this questions asked here and their response if you need more details...
https://www.ibm.com/mysupport/s/question/0D50z00005phqMZCAY/how-to-restrict-an-application-deployed-on-websphere-application-server-to-be-accesed-just-through-https?language=en_US
------------------------------
Bill Holtzhauser
Original Message:
Sent: Tue March 15, 2022 11:58 AM
From: Cesar Garcia
Subject: Enforce HTTPS on Web Application
I'm having issues in enforcing https on a vendor provided web application. We have added TLS and a new certificate on our WebSphere v7 stand alone setup. I assumed this would enforce https on any applications imported. The Admin Console is showing up as https and with the new cert. Do we have to update the war on WebSphere? Also, can the application override ssl via a property setting?
Cesar
------------------------------
Cesar Garcia
------------------------------