Disable Management Server Port 8080

Document ID : KB000125551
Last Modified Date : 30/01/2019
Introduction:
The management server and execution servers use HTTP over port 8080 by default. When configuring the management server and execution servers to use SSL/TLS over port 8443, you might want to disable port 8080 so that Tomcat is no longer listening for connections on it, which reduces its exposure.
Question:
Is disabling port 8080 on the management and execution servers supported? 
Environment:
CA Release Automation 6.6
Answer:
Yes. Ports can be disabled by commenting out the following Connector element in Tomcat's server.xml file: Connector port="8080"

Please note that when doing this it is expected that:
  • The whole Connector that uses port 8080 is commented out. Its attributes are often spread over several lines, including compression="on" and server="Unknown", and all of those lines should be part of the comment.
  • The environment needs to be configured to use SSL/TLS over port 8443. Nothing is needed to enable this port; it is enabled by default. However, some changes are necessary to make ActiveMQ on the NES communicate using SSL/TLS. More details can be found here: https://docops.ca.com/ca-release-automation/6-6/en/installation/ca-release-automation-security/secure-communications
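
One way to verify the edit before restarting Tomcat is to parse server.xml and list the Connector elements that are still active. This is an added example, not part of the original article or the product; the function name audit_server_xml and the sample fragments are constructed for illustration. Because an XML parser drops comments, a correctly commented-out Connector disappears from the result, while attribute lines left outside the comment show up as stray text.

```python
import xml.etree.ElementTree as ET

# Constructed server.xml fragments for illustration (not from a real install).
TEMPLATE = """<Server>
  <Service name="Catalina">
{http}
    <Connector port="8443" scheme="https" secure="true" SSLEnabled="true" />
  </Service>
</Server>"""

HTTP = '''    <Connector port="8080"
               compression="on"
               server="Unknown" />'''

ENABLED = TEMPLATE.format(http=HTTP)
# Whole element, trailing attribute lines included, inside one comment.
DISABLED = TEMPLATE.format(http="    <!--\n" + HTTP + "\n    -->")
# Only the first line commented: the attribute lines are left outside.
PARTIAL = TEMPLATE.format(http='''    <!-- <Connector port="8080" -->
               compression="on"
               server="Unknown" />''')


def audit_server_xml(text):
    """Return a list of findings; an empty list means the check passed."""
    try:
        root = ET.fromstring(text)  # comments are discarded by the parser
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    ports = [c.get("port") for c in root.iter("Connector")]
    if "8080" in ports:
        findings.append("active Connector on port 8080")
    if "8443" not in ports:
        findings.append("no active Connector on port 8443")
    # Non-whitespace text between elements points to a partly commented element.
    for el in root.iter():
        for chunk in (el.text, el.tail):
            if chunk and chunk.strip():
                findings.append(f"stray text near <{el.tag}>: {chunk.strip()[:40]!r}")
    return findings


if __name__ == "__main__":
    samples = (("enabled", ENABLED), ("disabled", DISABLED), ("partial", PARTIAL))
    for name, sample in samples:
        print(name, audit_server_xml(sample) or "OK")
```

To check a real installation, pass the contents of Tomcat's server.xml to audit_server_xml instead of the constructed samples.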
Additional Information:
Here are some articles related to securing the CA Release Automation environment. Some of the articles (those listed up top) are helpful when setting it up. The other articles are the more frequently seen issues related to securing your CA Release Automation environment. 

Knowledge Base Articles
Secure Communications
Secure Communications With Signed Certificates
Configuring SSL for RA repository server
How to install p12 certificate to secure UI communication
JAR resources in JNLP file are not signed by same certificate
Unable to Launch ASAP UI (Automation Studio) over SSL
Actions return: javax.net.ssl.SSLHandshakeException PKIX path building failed
Agent Certificate Problems After Upgrade
Failed to download artifact to retrieval agent
The default SHA-1 SSL certificates used by Release Automation will stop being supported by Microsoft / Google browsers in 2017