If SSL/TLS is enabled for a software event broker or appliance, all connection requests made through the plain text SEMP port (HTTP) are redirected to secure SEMP ports (HTTPS) ports when accessing PubSub+ Broker Manager. SEMP (Solace Element Management Protocol) is an API used to manage event brokers via a REST API. For information about it, see SEMP.
You can enable or disable the automatic redirect of HTTP requests to secure HTTPS ports through Solace CLI or configuration keys. Optionally, you can override the configured SEMP HTTPS port by configuring a specific SSL port, in which case HTTP requests will be redirected to the specified HTTPS port for that event broker.
When accessing PubSub+ Broker Manager, HTTP to HTTPS redirect will only be enabled when the following conditions are met:
- Plain-text SEMP port is configured and enabled. See Setting a SEMP Listen Port.
- SEMP TLS/SSL port is configured and enabled. See Setting a SEMP Listen Port.
- A server certificate is configured for the event broker. See Managing Server Certificates.
- SSL cipher suite is configured for management connections to the event broker. See Configuring Cipher Suites for Inbound Connections.
The examples below will show you how to enable or disable HTTP to HTTPS redirect and/or configure a specified SSL port using Solace CLI. To use configuration keys to perform these tasks, refer to the Configuration Keys page.
Enable or Disable Redirection of HTTP-to-HTTPS for PubSub+ Broker Manager
When accessing PubSub+ Broker Manager, if plain text SEMP port (HTTP) and TLS/SSL-encrypted SEMP ports (HTTPS) are enable, all HTTP requests will be redirected to HTTPS ports by default. You can use the following command to enable or disable redirection of HTTP to HTTPS..
solace(...igure/web-manager/redirect-http)# [no] shutdown
shutdown disables the redirection of plain text HTTP connection to secure HTTPS connection.
no shutdown enables the redirection of plain text HTTP connection to secure HTTPS connection.
Override Default HTTP-to-HTTPS Redirection for PubSub+ Broker Manager
You can override the configured SEMP HTTPS port by configuring a specific SSL port value. If TLS is configured on an event broker to override the default SEMP HTTPS port, all HTTPS request redirects to that specified port. If it's not configured, the default HTTPS port value is zero (0), and all HTTP requests are redirected to the HTTPS SEMP management port.
Use the following command to configure an SSL port to override the default HTTPS SEMP port.
solace(...igure/web-manager/redirect-http)# [no] override-ssl-port <port>
no override-ssl-port command returns its value to the default value of zero (0).
<port> is the HTTPS port that HTTP requests will be redirected to when accessing PubSub+ Broker Manager. If HTTPS port value is specified as zero (0), the configured SEMP SSL/TLS port will be used.