tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Josh Gooding <josh.good...@gmail.com>
Subject Re: Need some SSL Config help.
Date Tue, 04 Aug 2009 19:46:20 GMT
Update:

So after re-re-reading the docs, since TC is not my standalone webserver, I
should configure Apache (httpd) for SSL.  That seems to be what I am
reading.

On Tue, Aug 4, 2009 at 3:43 PM, Josh Gooding <josh.gooding@gmail.com> wrote:

> wait a sec here.  I'm a little confused.  Let me ask it this way.  I have a
> Login.jsp file that takes uname / pwd and uses j_security_check for
> authentication.  That is the only thing that I want HTTPS on.  Everything
> else is not important.
>
> I have setup Apache (httpd) and am forwarding the 1 html file in the server
> via it and the rest is built on JSP so tomcat is serving them.  So which
> server do I configure for HTTPS?  My thoughts would be the tomcat since it
> is the one serving JSP, or course, I'm still really learning about SSL & how
> to make it play with Tomcat so I don't want to say I'm clueless, but I'm
> having a hard time here.  I have the docs and an OReilly book here, but
> there seem to be many options on how to configure SSL.  The SSL Cert that we
> have came with the server package we bought.  It is signed by Geo-Trust(?),
> so naturally we want to use that one instead of generating our own.
>
> Any thoughts?  Again I am sorry if it seems I'm being thick skulled, i'm
> just rather more new with SSL than anything.
>
> Thanks agan
>
> - Josh
>
>
> On Wed, Jul 29, 2009 at 4:24 AM, Wesley Acheson <wesley.acheson@gmail.com>wrote:
>
>> I thought that you only had to set up on apache (httpd server).  Thats the
>> way I got it working.
>>
>> see
>>
>> http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html#SSL%20and%20Tomcatrelevenat
>> excet below
>> *SSL and Tomcat*
>>
>> *It is important to note that configuring Tomcat to take advantage of
>> secure
>> sockets is usually only necessary when running it as a stand-alone web
>> server.* When running Tomcat primarily as a Servlet/JSP container behind
>> another web server, such as Apache or Microsoft IIS, it is usually
>> necessary
>> to configure the primary web server to handle the SSL connections from
>> users. Typically, this server will negotiate all SSL-related
>> functionality,
>> then pass on any requests destined for the Tomcat container only after
>> decrypting those requests. Likewise, Tomcat will return cleartext
>> responses,
>> that will be encrypted before being returned to the user's browser. In
>> this
>> environment, Tomcat knows that communications between the primary web
>> server
>> and the client are taking place over a secure connection (because your
>> application needs to be able to ask about this), but it does not
>> participate
>> in the encryption or decryption itself.
>>
>>
>>
>>
>> On Mon, Jul 27, 2009 at 6:18 PM, Serge Fonville <serge.fonville@gmail.com
>> >wrote:
>>
>> > > Just an update.  I decided to change up what I was doing.  Instead of
>> > > starting with SSL on tomcat, I ported Apache and Tomcat to work
>> together
>> > on
>> > > my local test server.  Now I am going to do the APR.  Do I need to
>> > configure
>> > > SSL on both Apache and Tomcat or just Tomcat?
>> >
>> > If all connections go via httpd. just httpd. otherwise both
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> > For additional commands, e-mail: users-help@tomcat.apache.org
>> >
>> >
>>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message