Skip to main content Skip to complementary content

Setting up HSTS on Enterprise Manager

HSTS is a web security policy mechanism that helps to protect websites against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying Dilqam) should automatically interact with it using only HTTPS connections, which provide Transport Layer Security (TLS/SSL).

You can force the Enterprise Manager Web UI and/or the Enterprise Manager REST API connections to use HSTS (HTTP Strict Transport Security). To do this, run the commands described below.

All commands should be run from as Admin from the product bin folder.

Enabling HSTS

Command syntax

aemctl.exe configuration set --static_http_headers header_list --rest_http_headers header_list

Parameters

Parameter Description
--static_http_headers

The headers required to connect to the Enterprise Manager Web UI.

--rest_http_headers

The headers required to connect using the API.

Headers should be specified using the following format:

aemctl.exe configuration set --static_http_headers "header1:value1" "header2:value2" --rest_http_headers "header1:value1" "header2:value2"

Example

aemctl.exe configuration set --static_http_headers "Strict-Transport-Security:max-age=31536000; includeSubDomains;" --rest_http_headers "Strict-Transport-Security":"max-age=31536000; includeSubDomains;"

Disabling HSTS

You can also revert to regular HTTPS connections.

Command syntax

aemctl.exe configuration set --static_http_headers ""|--rest_http_headers ""

Parameters

Parameter Description
--static_http_headers

Use this parameter to revert the headers required to connect to the Enterprise Manager Web UI.

--rest_http_headers

Use this parameter to revert the headers required to connect using the API.

Example

Disable static_http_headers

aemctl.exe configuration set --static_http_headers ""

Disable rest_http_headers

aemctl.exe configuration set --rest_http_headers ""

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!