Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 40790 invoked from network); 2 Jun 2009 22:22:27 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 2 Jun 2009 22:22:27 -0000 Received: (qmail 59153 invoked by uid 500); 2 Jun 2009 22:22:09 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 58913 invoked by uid 500); 2 Jun 2009 22:22:08 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 58072 invoked by uid 99); 2 Jun 2009 22:17:53 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 02 Jun 2009 22:17:53 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of aw@ice-sa.com designates 212.85.38.228 as permitted sender) Received: from [212.85.38.228] (HELO tor.combios.es) (212.85.38.228) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 02 Jun 2009 22:17:42 +0000 Received: from localhost (localhost [127.0.0.1]) by tor.combios.es (Postfix) with ESMTP id 9EBDE226091 for ; Wed, 3 Jun 2009 00:14:22 +0200 (CEST) Received: from tor.combios.es ([127.0.0.1]) by localhost (tor.combios.es [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eaKFlN7CKuNr for ; Wed, 3 Jun 2009 00:14:22 +0200 (CEST) Received: from [192.168.245.129] (montserrat.wissensbank.com [212.85.37.175]) by tor.combios.es (Postfix) with ESMTPA id 58450226080 for ; Wed, 3 Jun 2009 00:14:22 +0200 (CEST) Message-ID: <4A25A4CE.7000802@ice-sa.com> Date: Wed, 03 Jun 2009 00:16:46 +0200 From: =?windows-1252?Q?Andr=E9_Warnier?= Reply-To: aw@ice-sa.com User-Agent: Thunderbird 2.0.0.16 (Windows/20080708) MIME-Version: 1.0 To: Tomcat Users List Subject: Re: Which Do I SSL - httpd or Tomcat? References: <7nafpc$n9282@dmzms99902.na.baesystems.com> In-Reply-To: <7nafpc$n9282@dmzms99902.na.baesystems.com> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org Alston, Brian (US SSA) wrote: > > What I have is 3 virtual servers (VMWare -> Windows Server 2003). One server has Apache httpd v2.2.11 and two other servers running Apache Tomcat v6.0.18. The Tomcat servers are independently accessible from outside of the httpd server; so, I assume that I will need to place SSL on all three servers. > I think the question to ask is : do your Tomcat servers /have to be/ accessible directly, without going through httpd ? If not, then it is possible to configure Tomcat so that it will /only/ accept connections from the IP address of your httpd server, and from nowhere else. The point is : using HTTPS is "expensive" (all communications have to be encrypted, which has a cost). So if you can make it so that the http <-> Tomcat connection is "private", you don't heve to use HTTPS between them. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org