Question

6
Replies
111
Views
Close popover
Suman Pyne (sumanpyne)
Accenture

Accenture
IN
View ProfileSend Message
sumanpyne Member since 2009 14 posts
Accenture
Posted: January 8, 2019
Last activity: April 4, 2019
Closed

Expose Microsite in https

Our client wants to expose Microsite as https service and not as http. For this what additional settings need to be done at the PEGA end.

Is there any additional configuration to be done in the application server side.

All other services of the client are not secured i.e. plain http. Now if they want to expose Microsite as a secured service will it cause any issue to the existing unsecured services.

Thanks.

Suman

Pega Marketing
Close popover
Moderation Team has archived post
Posted: 2 years ago
Close popover
Saleem Abdelsayed (Saleem_A)
PEGA
Sr. Director, Product Management
Pegasystems Inc.
US
View ProfileSend Message

I believe this was responded to in a different thread, but generally you need not configure anything additional to support https.  If it works for http, it should seamlessly work for https, assuming your https certificates are in order and traffic can flow to the https endpoint.  Check your firewall to ensure that endpoint is accessible.

Posted: 2 years ago
Close popover
Suman Pyne (sumanpyne)
Accenture

Accenture
IN
View ProfileSend Message

One more query on this is :


Can we have the microsite HTTPS only and several other services currently running services as HTTP? Can both protocols co-exist.


How can we achieve this ? 


Thanks for your help and support.


Regards,


Suman.

Posted: 2 years ago
Close popover
Marco Looy (Marco Looy)
MOD
Senior Director, Customer Engagement and Analytics Enablement
Pegasystems Inc.
NL
View ProfileSend Message

Suman,


You can use a service like AWS ClountFront or Apache to handle the HTTPS redirection to the HTTP microsite.


Marco.

Posted: 2 years ago
Close popover
Mohith Chintala (MohithC8)
Accenture

Accenture
AE
View ProfileSend Message

Hi Marco


The problem is that the security team is agreeing in using a reverse proxy but they are still expecting that we will expose the microsite in HTTPs. (as mentioned by Suman all our existing services are in HTTP) 


I was thinking, can we create a new JVM (and so a new port) that will be used only for the microsite and install the SSL certificate there only? Is this possible? Is this causing problem to the Pega cluster?


as i see it, I don’t think that we can reuse the existing nodes that we have right now… we are exposing all the services from one node (7005 or 7009) so if we deploy the SSL certificate in that node then all the services must comply with HTTPs.


what do you think?

Posted: 1 year ago
Close popover
Mohith Chintala (MohithC8)
Accenture

Accenture
AE
View ProfileSend Message

Hi everyone


we implemented the reverse proxy but apparently the link produced from Pega has some spaces (the %09% below) and it get blocked by the reverse proxy  itself because this lead to Evasion technique attack vulnerability.


 


https://XXXXX.com/prweb/PRHTTPService/MKT/RH/PORE?Px=%09%7Bpr%7DMdKZs%2BIQFDaY%2Fk2GWrVcn7mHKQZ6cLXFU2X2%2Fay2


 


GCS proposed us some solution that should have trimmed the spaces but unfortunately it didn’t work (the spaces are still there).


has anyone faced similar problem ? how it can be solved?

Posted: 1 year ago
Close popover
Marissa Rogers (MarissaRogers)
MOD
Senior Community Moderator
Pegasystems Inc.
US
View ProfileSend Message
Hello!


 


Thank you for posting your query on PSC. This looks like an inactive post and hence, we suggest you create a new post for your query. Click on the Write a Post button that’s at the top of this screen and also on our Pega Support Community homepage.  Once created, please reply back here with the URL of the new post.


 


We have also sent you a private message opening up a communication channel in case you have any further questions.


 


Thanks,


 
Share this page Share via LinkedIn Copying...
Copied!