Customise Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorised as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyse the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.

No cookies to display.

Enable https on WebPasswordSafe (WPS) on CentOS7/RHEL7

by | Dec 24, 2018 | RHEL / CentOS

This article will guide you through Enabling https on WebPasswordSafe v1.3. The assumption is that you already have a 100% working WebPasswordsafe setup in-place. If you don’t, then you can follow this article for Setup of WebPasswordSafe on CentOS7/RHEL7.

The Prerequisites are as follows.

Apache and mod_ssl 2.4.6 or higher

Start with installing Apache and mod_ssl.

# yum -y install httpd mod_ssl

Edit httpd.conf and add/amend the following lines.

# vi /etc/httpd/conf/httpd.conf

<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>

<Proxy *>
Order deny,allow
Deny from all
Allow from 10.0.10.0/24
</Proxy>

***Note: Replace 10.0.10.0/24 with required LAN Subnet***

Create a file for a ProxyPass

# vi /etc/httpd/conf.d/proxy_ajp.conf
ProxyPass /wps/ ajp://localhost:8009/wps/

Now create a new redirect file so that all requests go to “https

# vi /etc/httpd/conf.d/redirect.conf
Redirect / https://10.0.10.19/wps/

*** Note - Replace 10.0.10.19 with WPS Server IP Address***

Now the last step is to disable plain “http” access in Tomcat Add/Edit "/opt/webpasswordsafe/catalina_base/webapps/wps/WEB-INF/web.xml" file (The "/wps/" path is dependent on the WPS setup) and add the below lines before </web-app>

# vi /opt/webpasswordsafe/catalina_base/webapps/wps/WEB-INF/web.xml

<!-- Require HTTPS for everything except /img (favicon) and /css. -->
<security-constraint>
<web-resource-collection>
<web-resource-name>HTTPSOnly</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>HTTPSOrHTTP</web-resource-name>
<url-pattern>*.ico</url-pattern>
<url-pattern>/img/*</url-pattern>
<url-pattern>/css/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>

Now restart Apache and wps service for the changes to take effect.

# systemctl restart httpd && systemctl restart wps

Check the status to make sure all is up and working

# systemctl status httpd && systemctl status wps

Now browse to the https URL and all should be up and running

(https://hostname_or_IP/wps)

Please do let us know via Contact Us if you come across any issues and we will try to help resolve as soon as we can.

Related Articles….