I believe this was responded to in a different thread, but generally you need not configure anything additional to support https.  If it works for http, it should seamlessly work for https, assuming your https certificates are in order and traffic can flow to the https endpoint.  Check your firewall to ensure that endpoint is accessible.

Suman,

You can use a service like AWS ClountFront or Apache to handle the HTTPS redirection to the HTTP microsite.

Marco.

Hi Marco

The problem is that the security team is agreeing in using a reverse proxy but they are still expecting that we will expose the microsite in HTTPs. (as mentioned by Suman all our existing services are in HTTP) 

I was thinking, can we create a new JVM (and so a new port) that will be used only for the microsite and install the SSL certificate there only? Is this possible? Is this causing problem to the Pega cluster?

as i see it, I don’t think that we can reuse the existing nodes that we have right now… we are exposing all the services from one node (7005 or 7009) so if we deploy the SSL certificate in that node then all the services must comply with HTTPs.

what do you think?

Hi everyone

we implemented the reverse proxy but apparently the link produced from Pega has some spaces (the %09% below) and it get blocked by the reverse proxy  itself because this lead to Evasion technique attack vulnerability.

https://XXXXX.com/prweb/PRHTTPService/MKT/RH/PORE?Px=%09%7Bpr%7DMdKZs%2BIQFDaY%2Fk2GWrVcn7mHKQZ6cLXFU2X2%2Fay2

GCS proposed us some solution that should have trimmed the spaces but unfortunately it didn’t work (the spaces are still there).

has anyone faced similar problem ? how it can be solved?