tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: AJP connector and java keystore
Date Wed, 16 Dec 2009 23:02:27 GMT
Egeste wrote:
> I'm using tomcat6, deploying a webapp via mod_jk, but my  application is 
> failing because java does not like my self signed certificate. I do not 
> want users to access tomcat directly. How can I tell tomcat that my cert 
> is trusted?
> 
If you have mod_jk (and thus Apache) in front, then why do you need that 
the communication between Apache and Tomcat would be under SSL ?
Is it not simpler to have

client --> HTTPS --> Apache --> mod_jk, non SSL --> Tomcat

If the link between Apache and Tomcat is not on the Internet, then there 
is no reason to carry the SSL overhead over to Tomcat. Let Apache and 
the client deal with it, and just talk AJP between Apache and Tomcat.

If you need to forward the user-id from Apache to Tomcat, then just set 
the "tomcatAuthentication" attribute of the AJP Connector to false, and 
Tomcat will "believe" the user-id forwarded by mod_jk.




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message