tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tam, Michael" <m...@PFC.Forestry.CA>
Subject RE: SSL and mod_jk Problems on Tomcat 4.0.5 + Apache 1.3.26 (on L inux RH 7.3)
Date Wed, 02 Oct 2002 19:01:11 GMT
I believe you have to make Tomcat to listen to port 443 instead of 8443 for
SSL then allow Apache to listen to port 443.

Hope this help.

Cheers,
Michael

-----Original Message-----
From: Gustavo Vegas [mailto:gustavo@colltech.com]
Sent: Wednesday, October 02, 2002 11:56 AM
To: tomcat-user@jakarta.apache.org
Subject: SSL and mod_jk Problems on Tomcat 4.0.5 + Apache 1.3.26 (on
Linux RH 7.3)


Hello everyone,
    Here is my problem; I am trying to make SSL requests to Tomcat 
through mod_jk, but they do not appear to work. I am even able to see 
properly through plain HTTP those pages I want served by Tomcat through 
SSL. When I use the https://hosts/directory/page.jsp, I get the source 
code of the file. If I try using the 8443 port, it displays properly. I 
am also using j2sdk version 1.4.1.
Here is the definition of the virtual host under Apache:
----------------------------------------------------------------------------
-------------------
<IfModule !mod_jk.c>
  LoadModule jk_module libexec/mod_jk.so
</IfModule>

JkWorkersFile "/usr/local/apache/conf/workers.properties"
JkLogFile "/web/logs/mod_jk.log"

JkLogLevel debug

 NameVirtualHost *

<IfDefine SSL>
# Should mod_jk send SSL information to Tomcat (default is On)
JkExtractSSL On
# What is the indicator for SSL (default is HTTPS)
JkHTTPSIndicator HTTPS
# What is the indicator for SSL session (default is SSL_SESSION_ID)
JkSESSIONIndicator SSL_SESSION_ID
# What is the indicator for client SSL cipher suit (default is SSL_CIPHER)
JkCIPHERIndicator SSL_CIPHER
# What is the indicator for the client SSL certificated (default is 
SSL_CLIENT_C
ERT)
JkCERTSIndicator SSL_CLIENT_CERT
# Other needed settings
SSLOptions +StdEnvVars +ExportCertData
###############################################################
# (BEGIN) Definition of SSL host.company.com virtual host #
# NOTE: SSL Connections are only supported on IP-based virtual#
# hosts                                                       #
###############################################################

<VirtualHost 192.168.25.100:443>
    ServerName host.company.com
    ServerAdmin root@company.com
    DocumentRoot /web/htdocs/host.company.com
    ScriptAlias     /cgi-bin/ /web/htdocs/host.company.com/www/cgi-bin/
    DirectoryIndex index.html index.htm index.shtml index.shtm index.jsp
    Alias /reports/ /web/htdocs/host.company.com/reports
    JkAutoAlias /export/home/host.company.com
    SSLEngine On
    SSLCertificateFile /usr/local/XXX/certs/host.company.com.cert
    SSLCertificateKeyFile /usr/local/XXX/keys/host.company.com.com.key
    SSLCipherSuite 
ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

Alias /pfctestssl "/web/htdocs/host.company.com/ssl"

    JkMount /pfctestssl/*.jsp ajp13
    JkMount /pfctestssl/* ajp13
    JkMount /pfctestssl/*.do ajp13
    JkMount /pfctestssl/manager ajp13
    JkMount /pfctestssl/manager/* ajp13

    JkMount /pfctestssl/*/*.jsp ajp13
    JkMount /pfctestssl/*/* ajp13
    JkMount /pfctestssl/*/*.do ajp13
    JkMount /pfctestssl/*/manager ajp13
    JkMount /pfctestssl/*/manager/* ajp13

    <Location "/pfctestssl/WEB-INF/">
    </Location>

    <Location "/pfctestssl/WEB-INF/">
         AllowOverride None
         Deny from all
    </Location>
    ErrorLog        /web/logs/host.company.com/ssl_error_log
    CustomLog       /web/logs/host.company.com/ssl_access_log combined
    TransferLog       /web/logs/host.company.com/ssl_transfer_log
</VirtualHost>
###############################################################
# (END) Definition of SSL host.company.com virtual host   #
# ##############################################################
</IfDefine>

----------------------------------------------------------------------------
-------------------
I believe this to be a problem with jk_mod not understanding what to do 
with the requests for these pages. I even tried  to tell it to pass such 
requests by adding wildcards for the subdirectories under the ssl 
directory, but it did not work. Any help on this issue would be highly 
appreciated. BTW, all other configuration bits seem to work. This was 
actually working prior to us getting Tomcat talking to a database 
server, but this would be extremely weird if it prevents mod_jk from 
talking SSL. That is why I am not including any other configuration 
files here. If need be, I will post any additional information that 
people may want to take a look at.

Thanks,

-- Gustavo Vegas.


--
To unsubscribe, e-mail:
<mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail:
<mailto:tomcat-user-help@jakarta.apache.org>

--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message