This document outlines how to change the Embedded Entitlements Manager (EEM) UI Protocol to HTTPS only
By default, when the Embedded Entitlements Manager (EEM) is installed it is configured for both HTTP and HTTPS protocols. This may be highlighted as a vulnerability if a scan is run against the EEM server.
APM 10.7
Embedded Entitlements Manager 12.6
To configure EEM to ONLY listen on https protocol, set the 'conntype' parameter to 'secure' in the \Program Files\CA\SC\iTechnology\igateway.conf file.
<!-- DO NOT REMOVE THIS -->
<TransportReceiver imageName="HTTPListener" name="HTTP">
<implementation>synchronous</implementation>
<!-- DO NOT REMOVE THIS -->
<Connector name="defaultport">
<port>5250</port>
<mustlisten>true</mustlisten>
<conntype>secure</conntype>
<conntimeout>120</conntimeout>
<peektimeout>30</peektimeout>
<maxconnections>1000</maxconnections>
<maxrequestbytes>10000000</maxrequestbytes>
<maxpiperequests>10</maxpiperequests>
<maxAcceptRate/>
<certType/>
<certURI/>
<certPW/>
<keyURI/>
<keyPW/>
<secureProtocol/>
<cipherlist/>
</Connector>
</TransportReceiver>
Save the file and restart the iTechnology iGateway service for the changes to take effect.