...
By default HTTPS is not enabled, but it can be easily configured and used directly, by modifying the etc/org.ops4j.pax.web.cfg
file. The reason for this is that it requires a setup of keystore & truststore and unless one has a key signed by a CA, the self-signed key ends up raising issues with REST API and puts up entry barriers in the browser. For these reason, this remain a manual configuration task.
; see instructions in https://ops4j1.jira.com/wiki/display/paxweb/SSL+Configuration.
For the same reasons.For now, neither REST API or nor GUI will presently insist on communicating via HTTPS via mandatory redirect to a confidential channel. , but the mandatory redirect will be highly inconvenient because it forces setup of keystone However, one can force HTTPS-only communication by disabling the HTTP channel by modifying the etc/org.ops4j.pax.web.cfg
file. Default version of this file is under source-control in tools/package/etc
directory and is included in the corresponding distributable tar.gz, zip, deb & rpm packages.