Securing TADDM web services
You can configure TADDM to disable the HTTP port by setting the com.ibm.cdb.secure.tomcat property (TADDM 7.3.0) or the com.ibm.cdb.secure.liberty property (TADDM 7.3.0.1, and later) in collation.properties to true. Additionally, you can set a more secure SSL protocol by using the com.ibm.cdb.http.ssl.protocol flag.
The default value of the com.ibm.cdb.secure.tomcat and com.ibm.cdb.secure.liberty properties is false. When the HTTP port is disabled, TADDM can be accessed only by the HTTPS port, for example https://example.com:9431.
Limitation: When you have
TADDM installed in the streaming server deployment, and your discovery servers and secondary storage servers are up and running, you can set the com.ibm.cdb.secure.tomcat or com.ibm.cdb.secure.liberty property to true. In such a case, the HTTP port is disabled and you can use TADDM in the secure mode. However, if you want to add a new discovery server or secondary storage server to your deployment, you must temporarily enable the HTTP port, because the TADDM installer does not support the HTTPS protocol. To temporarily disable the secure mode, complete the following steps:
- Change the value of the com.ibm.cdb.secure.tomcat or com.ibm.cdb.secure.liberty property to false.
- Restart the TADDM server.
- Install a new discovery server or secondary storage server.
- Change the value of the com.ibm.cdb.secure.tomcat or com.ibm.cdb.secure.liberty property to true.
- Restart the TADDM server.
The default value of the com.ibm.cdb.http.ssl.protocol property is TLS. The secure values are TLS, TLSv1.1, and TLSv1.2. If you want to use the most secure protocols TLSv1.1 and TLSv1.2, you must first configure your web browser to support them.
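A configuration check for the settings described on this page, as an added example that is not IBM's code: it reads the text of collation.properties and reports when the HTTP port is still enabled (for instance because the temporary installer procedure was never reversed) or when the protocol value is outside the listed secure values. The function names, the release labels, the sample fragment, and the assumption that the last duplicate key wins are hypothetical.

```python
import re

# Property names and protocol values come from the page; the rest is assumed.
SECURE_KEYS = {"7.3.0": "com.ibm.cdb.secure.tomcat",
               "7.3.0.1+": "com.ibm.cdb.secure.liberty"}
PROTOCOL_KEY = "com.ibm.cdb.http.ssl.protocol"
SECURE_PROTOCOLS = {"TLS", "TLSv1.1", "TLSv1.2"}

def parse_properties(text):
    """Minimal .properties reader: skips comments, accepts '=', ':' or
    whitespace separators, last duplicate wins. No line continuations."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def audit(text, release="7.3.0.1+"):
    """Return findings; an empty list means HTTP is off and the protocol is listed."""
    props = parse_properties(text)
    key = SECURE_KEYS[release]
    findings = []
    # Absent means false (documented default); case-insensitive match is assumed.
    if props.get(key, "false").lower() != "true":
        findings.append(f"{key} is not true: HTTP port is enabled")
        other = next(k for k in SECURE_KEYS.values() if k != key)
        if props.get(other, "false").lower() == "true":
            findings.append(f"{other} is set, but {key} is the property for this release")
    proto = props.get(PROTOCOL_KEY, "TLS")  # documented default is TLS
    if proto not in SECURE_PROTOCOLS:
        findings.append(f"{PROTOCOL_KEY}={proto} is not in the documented secure list")
    return findings

# Constructed sample: secure mode switched off to install a new server and
# never switched back; the later duplicate line wins.
SAMPLE = """\
# collation.properties (constructed fragment)
com.ibm.cdb.secure.liberty=true
com.ibm.cdb.http.ssl.protocol = TLSv1.2
com.ibm.cdb.secure.liberty=false
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run it after every server installation that used the temporary procedure, passing release="7.3.0" for a TADDM 7.3.0 server.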