tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Josh Gooding <josh.good...@gmail.com>
Subject Re: Need some SSL Config help.
Date Tue, 04 Aug 2009 19:43:04 GMT
wait a sec here.  I'm a little confused.  Let me ask it this way.  I have a
Login.jsp file that takes uname / pwd and uses j_security_check for
authentication.  That is the only thing that I want HTTPS on.  Everything
else is not important.

I have setup Apache (httpd) and am forwarding the 1 html file in the server
via it and the rest is built on JSP so tomcat is serving them.  So which
server do I configure for HTTPS?  My thoughts would be the tomcat since it
is the one serving JSP, or course, I'm still really learning about SSL & how
to make it play with Tomcat so I don't want to say I'm clueless, but I'm
having a hard time here.  I have the docs and an OReilly book here, but
there seem to be many options on how to configure SSL.  The SSL Cert that we
have came with the server package we bought.  It is signed by Geo-Trust(?),
so naturally we want to use that one instead of generating our own.

Any thoughts?  Again I am sorry if it seems I'm being thick skulled, i'm
just rather more new with SSL than anything.

Thanks agan

- Josh

On Wed, Jul 29, 2009 at 4:24 AM, Wesley Acheson <wesley.acheson@gmail.com>wrote:

> I thought that you only had to set up on apache (httpd server).  Thats the
> way I got it working.
>
> see
>
> http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html#SSL%20and%20Tomcatrelevenat
> excet below
> *SSL and Tomcat*
>
> *It is important to note that configuring Tomcat to take advantage of
> secure
> sockets is usually only necessary when running it as a stand-alone web
> server.* When running Tomcat primarily as a Servlet/JSP container behind
> another web server, such as Apache or Microsoft IIS, it is usually
> necessary
> to configure the primary web server to handle the SSL connections from
> users. Typically, this server will negotiate all SSL-related functionality,
> then pass on any requests destined for the Tomcat container only after
> decrypting those requests. Likewise, Tomcat will return cleartext
> responses,
> that will be encrypted before being returned to the user's browser. In this
> environment, Tomcat knows that communications between the primary web
> server
> and the client are taking place over a secure connection (because your
> application needs to be able to ask about this), but it does not
> participate
> in the encryption or decryption itself.
>
>
>
>
> On Mon, Jul 27, 2009 at 6:18 PM, Serge Fonville <serge.fonville@gmail.com
> >wrote:
>
> > > Just an update.  I decided to change up what I was doing.  Instead of
> > > starting with SSL on tomcat, I ported Apache and Tomcat to work
> together
> > on
> > > my local test server.  Now I am going to do the APR.  Do I need to
> > configure
> > > SSL on both Apache and Tomcat or just Tomcat?
> >
> > If all connections go via httpd. just httpd. otherwise both
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> >
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message