tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hollerman Geralyn M <>
Subject Re: Apache certificate
Date Wed, 28 Apr 2004 18:26:46 GMT
Daniel Gibby wrote:

> Maybe he knows something you don't... How are people accessing your 
> URLs? 

Primarily, they're supposed to go thru a link on a main page (the link is in 
http, and Apache would rewrite it) OR people could enter that same link manually 
- but we think it is VERY unlinkely that someone(a casual user) would go to the 
trouble of specifying the EXACTLY name, port included, that Tomcat needs. I 
think the case my sysadmin is considering is where a user inadvertantly 
specifies https.

> what will the rewrite do? 

Re-write the URL for Tomcat; basically, change "" to "".

> Will something that is https _ever_ have 
> to go through apache for some URL rewriting? If so, then for sure apache 
> would have to need a certificate installed as well. 

This I don't understand. Even if you simply tell Apache to rewrite something 
that starts with "https" as starting with "http" Apache has to "see" a certificate?

> I don't see why you 
> couldn't install it on both, but they both couldn't listen on the same 
> port on the same IP address. That is for sure.

The problem was the format - Tomcat wanted JKS and the Apache certificate is in 
PKCS12. I had asked about this earlier when we were just using a self-signed 
cert (rather than a "real" CA one), and was told with my version of Tomcat I 
could change "keystoreType" to PKCS12 and everything would be fine. It was. As 
it turned out, the reason this version with a "real" cert didn't work was 
because of a problem in importing - not everything came along that was needed.
So, while the problem was solved, I'm now doubting if I understand Apache!

Lynn Hollerman.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message