How to change the Embedded Entitlements Manager (EEM) UI Protocol to HTTPS ony

book

Article ID: 211122

calendar_today

Updated On:

Products

CA Application Performance Management (APM / Wily / Introscope)

Issue/Introduction

This document outlines how to change the Embedded Entitlements Manager (EEM) UI Protocol to HTTPS only 

Cause

By default, when the Embedded Entitlements Manager (EEM) is installed it is configured for both HTTP and HTTPS protocols. This may be highlighted as a vulnerability if a scan is run against the EEM server.

Environment

APM 10.7
Embedded Entitlements Manager 12.6

Resolution

To configure EEM to ONLY listen on https protocol, set the 'conntype' parameter to 'secure' in the \Program Files\CA\SC\iTechnology\igateway.conf file.

<!-- DO NOT REMOVE THIS -->
        <TransportReceiver imageName="HTTPListener" name="HTTP">
                <implementation>synchronous</implementation>

                <!-- DO NOT REMOVE THIS -->
                <Connector name="defaultport">
                        <port>5250</port>
                        <mustlisten>true</mustlisten>
                        <conntype>secure</conntype>
                        <conntimeout>120</conntimeout>
                        <peektimeout>30</peektimeout>
                        <maxconnections>1000</maxconnections>
                        <maxrequestbytes>10000000</maxrequestbytes>
                        <maxpiperequests>10</maxpiperequests>
                        <maxAcceptRate/>
                        <certType/>
                        <certURI/>
                        <certPW/>
                        <keyURI/>
                        <keyPW/>
                        <secureProtocol/>
                        <cipherlist/>
                </Connector>
        </TransportReceiver>

Save the file and restart the iTechnology iGateway service for the changes to take effect.