tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Egeste <>
Subject Re: AJP connector and java keystore
Date Thu, 17 Dec 2009 01:36:36 GMT
You are correct, i misinterpreted the issue. Thank you for the  
information about tomcatAuthentication

On Dec 16, 2009, at 5:02 PM, André Warnier wrote:

> Egeste wrote:
>> I'm using tomcat6, deploying a webapp via mod_jk, but my   
>> application is failing because java does not like my self signed  
>> certificate. I do not want users to access tomcat directly. How can  
>> I tell tomcat that my cert is trusted?
> If you have mod_jk (and thus Apache) in front, then why do you need  
> that the communication between Apache and Tomcat would be under SSL ?
> Is it not simpler to have
> client --> HTTPS --> Apache --> mod_jk, non SSL --> Tomcat
> If the link between Apache and Tomcat is not on the Internet, then  
> there is no reason to carry the SSL overhead over to Tomcat. Let  
> Apache and the client deal with it, and just talk AJP between Apache  
> and Tomcat.
> If you need to forward the user-id from Apache to Tomcat, then just  
> set the "tomcatAuthentication" attribute of the AJP Connector to  
> false, and Tomcat will "believe" the user-id forwarded by mod_jk.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message