tomcat-users mailing list archives

From Josh Gooding <>
Subject Need some SSL Config help.
Date Sat, 25 Jul 2009 02:25:45 GMT
Hello again.

Now that I have deployed my project on Tomcat 6.0.18 with a MySQL 5.1 db, I
need to clamp the server down tight using SSL.  I've already created my
keystore file and I am able to get the server to serve on port 443 (by going
to http://localhost:443).  I can get it to Subsequent attempts to serve as
https://localhost are proving not to be fruitful.

I have a webserver (tomcat) that is in development status that I want to
clamp down.  I am using a realm to login using j_security_check to login to
the software.  Right now what I want to do is install the Apache webserver
and get it talking to tomcat (not hard).  I created my keystore file and I
know it works because I've tested it.  What I need to know are these things
(btw, if they are in the docs, please just say so and I'll look harder)

If I want to use SSL for each person logging into the instance (which is
using Tomcat to serve) do I need to have SSL on both Apache webserver and
Tomcat, just the webserver, or just tomcat?

Right now for example, if I go to[companyid] I get a
simple login / pwd (using j_sec_chk).  I'm using a realm configuration in my
It's not using SSL.  Following Tomcat's instructions, I have SSL configured
on my test server, and it seems to run if I go to I get the default tomcat page.  However if I
go to, I get "cannot connect or website not
responding"  I can't remember which one.  Is this a simple configuration
thing or will this solve itself if I install the webserver and connect tc
and apache web?

Second, since I am using j_security_check for login, are there native
classes in tomcat that will allow me to utilize j_sec_chk and SSL?  Is there
another method of logging in that I should use?  I can write my own custom
classes, but I am not really clear on if there is something better that is
native.  I'm looking at needing a 3 strikes and you're locked out
functionality across SSL.  This is a simple yes there is a better way and
it's part of tomcat, or write your custom code.  I'm not looking for the
typical "please do it for me" requests that I normally see on dev / user

Since each company has exactly ONE html page (which is only a welcome page),
I honestly don't see the need to install the webserver except the fact that
it is the right way of doing things.  Is my thinking off on this?

For some reason, my brain is becoming like a sponge for tomcat
configuration.  So forgive me for asking a ton of questions.  I'm reading
both the tomcat documentation and an O'Reilly book on tomcat, and I want to
get good enough at this that I can configure it in any environment.  I
really enjoy tomcat and become knowledgeable enough that I don't feel like
such a newbie asking questions.  Any insight or direction would be greatly

Warm regards,

