Configuration data is sent network device in clear text on port 8080

Document ID : KB000113334
Last Modified Date : 07/09/2018
Show Technical Document Details
Issue:
We have implemented SSL for CA Spectrum Oneclick console.
During a security scan in the data is shown in cleartext and communication is happening with port 8080.
Cause:
Port 8080 is not a secure port.
Resolution:
The connector must be commented out in the server.xml file and tomcat restarted.

1. Navigate to $SPECROOT/tomcat/conf
2. Open server.xml file in text editor of choice.
3. Find this line (or similar):

<Connector port="8080" URIEncoding="UTF-8" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" enableLookups="true" redirectPort="8443" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" tcpNoDelay="true"/>

4. Add comments around it:
<!--
<Connector port="8080" URIEncoding="UTF-8" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" enableLookups="true" redirectPort="8443" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" tcpNoDelay="true"/>
-->

5. You should only have the SSL connector open, such as this:

<Connector port="8443" enableLookups="true" disableUploadTimeout="true" tcpNoDelay="true" acceptCount="100" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS"ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" keystoreFile="/ca/spectrum/custom/keystore/cacerts"keystorePass="changeit"></Connector>

6. Save the file and restart Spectrum Tomcat Service.