Secure Communication : Disabling HTTP and Running HTTPS Only
  

Disabling HTTP and Running HTTPS Only

Do not follow this section until you have made sure that your HTTPS communication is working properly.
You can configure Orchestra so that it exposes only HTTPS to connecting systems.
In order to do this, a few preconditions must be met:
- Some hardware cannot use HTTPS at all. If any of the following hardware types are connected to the Central Queue Agent, disabling HTTP is not an option:
  - TP3115
  - Intro8
  - Cinematic
- HTTP cannot strictly be disabled, since some components use it for internal communication. However, it can be set to listen only on localhost (127.0.0.1), so that no one outside of the Orchestra machine can use it.
To disable HTTP:
1. First configure HTTPS properly and ensure that it works.
2. Open the System Administration application, go to the Parameters page, and change the system parameters Central HTTP Port and Central HTTP Protocol:
   - The port setting should be the port of the Central HTTPS port (default is 8443).
   - The protocol setting should be https.
3. Stop Orchestra.
4. Edit the server configuration file to set address 127.0.0.1 for HTTP traffic.
   WildFly:
   File: app\wildfly-11.0.0.Final\standalone\configuration\standalone-full.xml
   Change this line:
      <socket-binding name="http" port="${jboss.http.port:8080}"/>
   To this:
      <socket-binding name="http" interface="unsecure" port="${jboss.http.port:8080}"/>

Removing HTTPS Warnings in Browsers

To remove HTTPS warnings in your browser:
1. Go to your browser’s Settings page and locate the section where certificates are managed. Import the *.cer file that you exported in the flows above.
2. Place the certificate in Trusted Root Certification Authorities and make sure that it is located there.
3. Restart your browser for the settings to take effect.