Setting up HSTS on Enterprise Manager
HSTS is a web security policy mechanism that helps protect websites against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should automatically interact with them using only HTTPS connections, which provide Transport Layer Security (TLS/SSL).
You can force the Enterprise Manager Web UI and/or the Enterprise Manager REST API connections to use HSTS (HTTP Strict Transport Security). To do this, run the commands described below.
All commands should be run as an administrator from the product bin folder.
Enabling HSTS
Command syntax
aemctl.exe configuration set --static_http_headers header_list --rest_http_headers header_list
Parameters
| Parameter | Description |
|---|---|
| --static_http_headers | The headers required to connect to the Enterprise Manager Web UI. |
| --rest_http_headers | The headers required to connect using the API. |
Headers should be specified using the following format:
aemctl.exe configuration set --static_http_headers "header1:value1" "header2:value2" --rest_http_headers "header1:value1" "header2:value2"
Example
aemctl.exe configuration set --static_http_headers "Strict-Transport-Security:max-age=31536000; includeSubDomains;" --rest_http_headers "Strict-Transport-Security:max-age=31536000; includeSubDomains;"
Disabling HSTS
You can also revert to regular HTTPS connections.
Command syntax
aemctl.exe configuration set --static_http_headers "" | --rest_http_headers ""
Parameters
| Parameter | Description |
|---|---|
| --static_http_headers | Use this parameter to revert the headers required to connect to the Enterprise Manager Web UI. |
| --rest_http_headers | Use this parameter to revert the headers required to connect using the API. |
Example
Disable static_http_headers
aemctl.exe configuration set --static_http_headers ""
Disable rest_http_headers
aemctl.exe configuration set --rest_http_headers ""
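To confirm that enabling or disabling HSTS had the intended effect, the response headers of the Web UI and REST endpoints can be checked against the policy set above. The following validator is an added example, not part of the product or its documentation; it assumes the headers were captured from an HTTPS response (the SAMPLE_HEADERS dictionary is constructed to mirror the value set by the aemctl command).

```python
"""Validate a Strict-Transport-Security header (RFC 6797 syntax)."""
from typing import Dict, List, Optional


def parse_hsts(value: str) -> Dict[str, Optional[str]]:
    """Parse an HSTS header value into a directive map.

    Directive names are case-insensitive, quoted values are unquoted, and
    empty directives are ignored (so the trailing ';' in the product's
    example value is accepted). Duplicate directives are rejected because
    browsers ignore such headers entirely.
    """
    directives: Dict[str, Optional[str]] = {}
    for raw in value.split(";"):
        raw = raw.strip()
        if not raw:
            continue
        name, sep, val = raw.partition("=")
        name = name.strip().lower()
        if name in directives:
            raise ValueError(f"duplicate directive: {name}")
        directives[name] = val.strip().strip('"') if sep else None
    return directives


def check_hsts(headers: Dict[str, str], min_max_age: int = 31536000) -> List[str]:
    """Return findings for a response header map; an empty list means OK."""
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), None)
    if value is None:
        return ["header missing: HSTS is not enabled on this endpoint"]
    try:
        d = parse_hsts(value)
    except ValueError as exc:
        return [f"malformed header: {exc}"]
    findings: List[str] = []
    age = d.get("max-age") or ""
    if not age.isdigit():
        findings.append("max-age directive missing or not a number")
    elif int(age) == 0:
        findings.append("max-age=0 disables HSTS in the browser")
    elif int(age) < min_max_age:
        findings.append(f"max-age {age} below {min_max_age}")
    if "includesubdomains" not in d:
        findings.append("includeSubDomains not set")
    return findings


# Constructed sample, mirroring the header set by the aemctl example above.
SAMPLE_HEADERS = {
    "Content-Type": "text/html",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains;",
}
```

Note that browsers which have already cached the policy keep enforcing it until the previously announced max-age expires; clearing the header in the configuration only stops it from being refreshed.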