Micro Focus Expert

UCMDB Tip: Heartbleed documentation - Tomcat server.xml file configuration scenario

The Heartbleed documentation (https://support.openview.hp.com/selfsolve/document/KM00863916) for securing Configuration Manager and UCMDB Browser states the following:

UCMDB Browser

1. Go to <Browser Install Dir>/conf/server.xml.

2. Comment out the following line in the file:
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />

3. Change the HTTPS connector configuration
from <Connector protocol="org.apache.coyote.http11.Http11AprProtocol" port="8443" .../> to
<Connector protocol="org.apache.coyote.http11.Http11Protocol" port="8443" .../>

4. Restart Tomcat.

5. Revoke the server certificates used in Tomcat.


However, there could be scenarios where there are no Connector protocol sections (step 3) in a user's server.xml file.
Could this leave their systems vulnerable to the Heartbleed bug?





According to R&D, Configuration Manager and UCMDB Browser are not affected by this vulnerability if they are configured Out-Of-The-Box (OOTB) or configured according to the Heartbleed documentation.

The "Connector Protocol" sections are added by end users for SSL configuration. 

If they do not exist, please ignore step 3 of the documentation.
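
A read-only check for steps 2 and 3, as an added example that is not part of the original post or of the vendor documentation: it parses a server.xml and reports whether the APR listener line is still active and which connectors still use Http11AprProtocol. The function name, the result keys and the three sample files are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

APR_LISTENER = "org.apache.catalina.core.AprLifecycleListener"
APR_PROTOCOL = "org.apache.coyote.http11.Http11AprProtocol"

def audit_server_xml(xml_text):
    """Report which of steps 2 and 3 still apply to a Tomcat server.xml."""
    # ElementTree discards XML comments, so a commented-out Listener is not counted.
    root = ET.fromstring(xml_text)
    listener_active = any(el.get("className") == APR_LISTENER
                          for el in root.iter("Listener"))
    apr_ports = [el.get("port") for el in root.iter("Connector")
                 if el.get("protocol") == APR_PROTOCOL]
    return {
        "step2_pending": listener_active,  # APR listener line is still active
        "step3_pending": bool(apr_ports),  # a connector still uses Http11AprProtocol
        "apr_connector_ports": apr_ports,
    }

# Constructed sample files for illustration, not taken from a real installation.
UNCHANGED = """<Server>
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Service name="Catalina">
    <Connector protocol="org.apache.coyote.http11.Http11AprProtocol" port="8443" />
  </Service>
</Server>"""

FOLLOWED = """<Server>
  <!-- <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> -->
  <Service name="Catalina">
    <Connector protocol="org.apache.coyote.http11.Http11Protocol" port="8443" />
  </Service>
</Server>"""

# The scenario raised in the post: no Connector names a protocol class at all.
NO_APR_CONNECTOR = """<Server>
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Service name="Catalina">
    <Connector port="8080" />
  </Service>
</Server>"""

if __name__ == "__main__":
    for name, text in [("unchanged", UNCHANGED), ("followed", FOLLOWED),
                       ("no APR connector", NO_APR_CONNECTOR)]:
        print(name, audit_server_xml(text))
```

For the third sample only step 2 is reported as pending, which matches the advice to ignore step 3 when no such Connector section exists.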


