tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John MccLain" <jmccl...@tcshealthcare.com>
Subject round trip SSL question
Date Fri, 27 Feb 2004 18:59:55 GMT
What we want to do is have round trip, SSL encryption when our clients use
our webapps AND not have the port number as part of the URL. There are 3
scenarios:

1)	Our client is using IIS to serve their current webapps – some of these
apps could be employing SSL. How do we insure that JSP’s and Servlets that
are redirected to Tomcat are talking with IIS securely – encrypted? I
understand that typical redirection from IIS to tomcat is always decrypted,
cleartext.

2)	Our client is using IIS to serve their current webapps – none of their
apps employ ssl. Can (and should) we setup IIS and Tomcat so that SSL
requests go directly to Tomcat (Tomcat talks to client directly when SSL
request issued) and standard HTTP requests goto IIS?

3)	Our client does NOT want to use IIS – how do you setup tomcat to be a
secure webapp server? (this is not as big a problem as numbers 1 and 2)


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message