tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tim Lucia" <>
Subject RE: Tomcat + IIS + SSL
Date Wed, 26 Apr 2006 01:09:58 GMT
You should use the AJP connector to communicate between IIS
(isapi_redirect.dll) and Tomcat (via JK).  Let IIS handle the web, ssl, and
port problems. 


-----Original Message-----
From: Andrew Bubnic [] 
Sent: Tuesday, April 25, 2006 8:29 PM
Subject: Tomcat + IIS + SSL



We are currently running tomcat on port 8080 and IIS 6 on port 80, and
depending on what directory the user selects, e.g


The request gets forwarded to the appropriate tomcat webapp on port
8080. We are using the Jakarta Isapi Redirector isapi_redirect.dll to do
this. This has worked fine for months.


The second I uncomment this section in tomcat's server.xml:


    <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->


    <Connector port="8443" 

               maxThreads="150" minSpareThreads="25"

               enableLookups="false" disableUploadTimeout="true"

               acceptCount="100" scheme="https" secure="true"

               clientAuth="false" sslProtocol="TLS" />


IIS redirection hangs. Accessing tomcat webapp using :8080 still works,
but IIS does not forward to it any longer. I also tried changing the
connector port from 8443 to 9443 but same problem. 


To be honest, I'm not sure if I should use an SSL certificate for IIS
and somehow have it take care of security, or to simply add it to the
8443 connector in Tomcat. (that's a less important story)


What I really need to know is how to make them work together using
https, with the minimum being IIS redirecting say https://...../blahblah
to tomcat https://.....:8443/blahblah. I've tried this and get the
hanging problem as described above. I've gotten tomcat to work fine with
SSL on my development machine (which does not have IIS redirection at
all) but not on our server which does use IIS.


Unfortunately I haven't been able to find anything very useful on this
on Google/forums etc and have minimum time frames to play around testing
different options on the server.


I'd appreciate any help/ideas. Thanks.



To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message