tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Wall <>
Subject Re: SSL Certificate Beginner Question
Date Wed, 30 Nov 2005 19:21:12 GMT

>I did not include a security constraint.
>Is this needed for SSL? I spend some time looking at this element, and I was under the
impression that it was for form authentication? 
You don't really need it for SSL testing, but you'd want to do it in 
your production world because it basically instructs Tomcat to FORCE SSL 
to be used when going to a given URL-pattern (that portion of your web 
app that requires https).  That is, if the user accesses your site with 
http://xxxx, the port 80 Connector (or 8080 if testing or using a 
non-standard port) has a "redirectPort" element that causes Tomcat to 
automatically issue a redirect using https://xxxx (in production, this 
is typically set to redirectPort="443" for standard HTTPS).

But if you just say https://xxxx or https://xxxx:8443, then it should 
let you test before the constraint is used.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message