Securing TADDM web services

You can configure TADDM to disable the HTTP port by setting the com.ibm.cdb.secure.tomcat property (TADDM 7.3.0) or the com.ibm.cdb.secure.liberty property (TADDM 7.3.0.1, and later) in collation.properties to true. Additionally, you can set a more secure SSL protocol by using the com.ibm.cdb.http.ssl.protocol flag.

The default value of the com.ibm.cdb.secure.tomcat and com.ibm.cdb.secure.liberty properties is false. When the HTTP port is disabled, TADDM can be accessed only through the HTTPS port, for example https://example.com:9431.
Limitation: When you have TADDM installed in the streaming server deployment, and your discovery servers and secondary storage servers are up and running, you can set the com.ibm.cdb.secure.tomcat or com.ibm.cdb.secure.liberty property to true. In that case, the HTTP port is disabled and you can use TADDM in secure mode. However, if you want to add a new discovery server or secondary storage server to your deployment, you must temporarily enable the HTTP port, because the TADDM installer does not support the HTTPS protocol. To temporarily disable secure mode, complete the following steps:
  1. Change the value of the com.ibm.cdb.secure.tomcat or com.ibm.cdb.secure.liberty property to false.
  2. Restart the TADDM server.
  3. Install a new discovery server or secondary storage server.
  4. Change the value of the com.ibm.cdb.secure.tomcat or com.ibm.cdb.secure.liberty property to true.
  5. Restart the TADDM server.

The default value of the com.ibm.cdb.http.ssl.protocol property is TLS. The secure values are TLS, TLSv1.1, and TLSv1.2. If you want to use the most secure protocols, TLSv1.1 and TLSv1.2, you must first configure your web browser to support them.
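
The following check is an added example, not part of the TADDM product or its documentation. It audits the text of a collation.properties file against the settings described above, for instance to confirm that secure mode was turned back on after the temporary procedure. The function names, the simplified properties parser, the exact-match test for true, and the sample input are assumptions made for illustration.

```python
SECURE_PROTOCOLS = {"TLS", "TLSv1.1", "TLSv1.2"}  # values the page lists as secure
DEFAULTS = {  # defaults stated on the page
    "com.ibm.cdb.secure.tomcat": "false",
    "com.ibm.cdb.secure.liberty": "false",
    "com.ibm.cdb.http.ssl.protocol": "TLS",
}
PROTOCOL_KEY = "com.ibm.cdb.http.ssl.protocol"

def parse_properties(text):
    """Simplified Java-properties parser (no continuations/escapes); last value wins."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        for i, ch in enumerate(line):
            if ch in "=:":  # key ends at the first separator
                props[line[:i].strip()] = line[i + 1:].strip()
                break
    return props

def secure_property_for(version):
    """secure.tomcat applies to 7.3.0, secure.liberty to 7.3.0.1 and later."""
    parts = (tuple(int(p) for p in version.split(".")) + (0, 0, 0, 0))[:4]
    if parts < (7, 3, 0, 0):
        raise ValueError("the page covers TADDM 7.3.0 and later only")
    return ("com.ibm.cdb.secure.tomcat" if parts == (7, 3, 0, 0)
            else "com.ibm.cdb.secure.liberty")

def audit(text, version):
    """Return a list of findings; an empty list means both settings pass."""
    props = {**DEFAULTS, **parse_properties(text)}
    findings = []
    key = secure_property_for(version)
    if props[key] != "true":  # assumption: only the literal value true counts
        findings.append(f"{key}={props[key]}: HTTP port is still enabled")
    if props[PROTOCOL_KEY] not in SECURE_PROTOCOLS:
        findings.append(f"{PROTOCOL_KEY}={props[PROTOCOL_KEY]}: not a listed secure value")
    return findings

# Constructed sample input, not a real collation.properties file.
SAMPLE = """\
# TADDM server settings (constructed)
com.ibm.cdb.secure.tomcat=true
com.ibm.cdb.http.ssl.protocol = SSLv3
"""

if __name__ == "__main__":
    for version in ("7.3.0", "7.3.0.1"):
        print(version, audit(SAMPLE, version) or "ok")
```

On the sample, the 7.3.0 audit reports only the protocol value, while the 7.3.0.1 audit also reports the HTTP port, because the file sets the Tomcat property and leaves the Liberty property at its default of false.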