10.4 Force SSL when accessing the manager application via HTTP

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version


Use the transport-guarantee attribute to ensure SSL protection when accessing the manager application.


By default when accessing the manager application via HTTP, login information is sent over the wire in plain text. By setting the transport-guarantee within web.xml, SSL is enforced.

Note: This requires SSL to be configured.


Set <transport-guarantee> to CONFIDENTIAL in $CATALINA_HOME/webapps/manager/WEB-INF/web.xml:


Default Value:

By default this configuration is not present.

See Also