Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 87010 invoked from network); 2 Mar 2008 16:00:25 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 2 Mar 2008 16:00:25 -0000 Received: (qmail 82455 invoked by uid 500); 2 Mar 2008 16:00:08 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 82425 invoked by uid 500); 2 Mar 2008 16:00:08 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 82412 invoked by uid 99); 2 Mar 2008 16:00:08 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 02 Mar 2008 08:00:08 -0800 X-ASF-Spam-Status: No, hits=2.0 required=10.0 tests=HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of ellisje22@hotmail.com designates 65.55.175.174 as permitted sender) Received: from [65.55.175.174] (HELO blu139-omc2-s4.blu139.hotmail.com) (65.55.175.174) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 02 Mar 2008 15:59:21 +0000 Received: from BLU104-W44 ([65.55.162.186]) by blu139-omc2-s4.blu139.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Sun, 2 Mar 2008 07:59:41 -0800 Message-ID: Content-Type: multipart/alternative; boundary="_20c5de9e-55d7-4a25-a86e-8a56a8b5e101_" X-Originating-IP: [69.250.47.102] From: James Ellis To: Subject: mod_jk or mod_proxy_ajp - encryption benefits? Date: Sun, 2 Mar 2008 15:59:41 +0000 Importance: Normal MIME-Version: 1.0 X-OriginalArrivalTime: 02 Mar 2008 15:59:41.0705 (UTC) FILETIME=[6D086790:01C87C7E] X-Virus-Checked: Checked by ClamAV on apache.org --_20c5de9e-55d7-4a25-a86e-8a56a8b5e101_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable I know that mod_jk is the battle tested connector between Apache and Tomcat= , but as I understand it the SSL connection generally terminates at the Apa= che web server and the traffic between Apache and Tomcat (to the AJP connec= tor) is unencrypted. Two questions: 1) Does mod_proxy_ajp provide for any encryption between the web server and= the app server (Tomcat) that mod_jk does not? 2) If the answer to number 1 above is "NO". Is it possible to keep the ser= ver certificates on the app servers and so that the connection from the cli= ent to the app server is encrypted all the way through? In this case the a= pache web server would simply function as a load balancer/failover solution= . Thanks, Jim --_20c5de9e-55d7-4a25-a86e-8a56a8b5e101_--