Restrict REST Access to the HTTPS Port
In a production environment, you should restrict REST access to a secure port. To do so, make the following changes to a default installation:
1. Edit your project's conf/jetty.xml configuration file.
   Comment out or delete the <Call name="addConnector"> code block that includes the openidm.port.http property. Keep the <Call name="addConnector"> code blocks that contain the openidm.port.https and openidm.port.mutualauth properties.
   Set the openidm.port.https and openidm.port.mutualauth port numbers in the resolver/boot.properties file.
2. Edit your project's conf/config.properties file.
   Set the org.osgi.service.http.enabled property to false, as shown in the following excerpt:

   # Enable pax web http/https services to enable jetty
   org.osgi.service.http.enabled=false
   org.osgi.service.http.secure.enabled=true
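
One way to check the result of these changes, as an added example that is not part of the original guide or the product's own tooling: the Python code below audits the contents of jetty.xml and config.properties for a remaining plain-HTTP connector and for the two OSGi properties. The function names are hypothetical, and the sample jetty.xml is constructed and simplified.

```python
import re
import xml.etree.ElementTree as ET

# Matches the plain-HTTP port property but not openidm.port.https.
HTTP_PORT = re.compile(r"openidm\.port\.http(?![A-Za-z0-9_])")

def http_connectors(jetty_xml):
    """Count active addConnector blocks that reference openidm.port.http.
    ElementTree drops XML comments, so commented-out blocks are not counted."""
    root = ET.fromstring(jetty_xml)
    return sum(1 for call in root.iter("Call")
               if call.get("name") == "addConnector"
               and HTTP_PORT.search(ET.tostring(call, encoding="unicode")))

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # or ! comment lines."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(jetty_xml, config_properties):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    count = http_connectors(jetty_xml)
    if count:
        findings.append(f"jetty.xml: {count} active connector(s) use openidm.port.http")
    props = parse_properties(config_properties)
    for key, wanted in (("org.osgi.service.http.enabled", "false"),
                        ("org.osgi.service.http.secure.enabled", "true")):
        if props.get(key, "").lower() != wanted:
            findings.append(f"config.properties: {key} is not {wanted}")
    return findings

# Constructed, simplified sample input (a real jetty.xml holds more per connector).
def _connector(prop):
    return f'<Call name="addConnector"><Arg><Property name="{prop}"/></Arg></Call>'

def _jetty(http_block):
    return ("<Configure>" + http_block + _connector("openidm.port.https")
            + _connector("openidm.port.mutualauth") + "</Configure>")

DEFAULT_JETTY = _jetty(_connector("openidm.port.http"))
HARDENED_JETTY = _jetty("<!-- " + _connector("openidm.port.http") + " -->")
DEFAULT_PROPS = "org.osgi.service.http.enabled=true\norg.osgi.service.http.secure.enabled=true\n"
HARDENED_PROPS = "# Enable pax web http/https services to enable jetty\n" \
                 "org.osgi.service.http.enabled=false\norg.osgi.service.http.secure.enabled=true\n"
```

To audit a real project, pass the text of its conf/jetty.xml and conf/config.properties files to audit() in place of the constructed samples.
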
Use a certificate to secure REST access over HTTPS. You can use self-signed certificates in a test environment. In production, all certificates should be signed by a certificate authority. The examples in this guide assume a CA-signed certificate named ca-cert.pem.