We are unable to address a security finding for the JMX console on http port 21212 without disabling all remote JMX console access that we need. We use the alternative HTTPS URL as we have HTTPS enabled but were told its impossible to disable or redirect the insecure HTTP version without turning off remote access.
Enhancement would be a way to disable backend HTTP URL's when HTTPS is being utilized.
Security finding of all web traffic being TLS per DHS BOD 18-01.
The JMX console will not be available after the change is the piece that prevents progress. We need JMX access and are also commonly asked to utilize it when we open cases.
Subject: Microfocus Case SD02644351 - fully disable http on port 21212
Thanks for your time during the call.
My name is Gianina Díaz from Omi team, I am the engineer assigned to help you on this ticket “SD02644351 - fully disable http on port 21212" As I mentioned on the phone call if you want to disable HTTP access on 21212, RTSM access breaks on 8443, due to by default port 21212 only has localhost access.
As I mentioned we do not have official documentation from our site that specify what I explained you. I have been investigating about it, and I found that is possible to disable the port on the JMX but you should understand that the JMX console will not be available after the change
WE need to check internally with the UCMDB team on this, hence changing the status to needs clarification