tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pid <>
Subject Re: SSL and non SSL configuration on tomcat 6.0.26, confused
Date Fri, 25 Jun 2010 17:18:39 GMT
On 25/06/2010 17:56, John-Paul Ranaudo wrote:
> Our environment:
> Unix Solaris 5.9
> Tomcat 6.0.26
> JVM 1.6.20
> Our application runs in two frameworks. One uses https one does not. I am
> trying to configure the tomcat connectors to work but when I get it working
> in one framework it does not work in the other.
> *I have been told we do not need to 'handle' SSL totally as this is handled
> by our load balancers. Not sure what these means*.

That usually means that the load-balancer is decoding the SSL connection
and passing an unencrypted connection through to the servers in the
cluster, which then don't need to repeat the effort.

> For example: In one framework we'll get permission denied errors and the
> other will work. If we change things around the opposite occurs but instead
> of permission errors we get invalid certificate error.
> The tomcat documentation on connectors does not describe the options very
> well.

This link, or another one? Support

> <Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000"/>
> <Connector port="443" protocol="HTTP/1.1" SSLEnabled="false"
> maxThreads="150" scheme="https" secure="false" clientAuth="false"
> sslProtocol="TLS"/>

Looks like a few odd things going on there.


You'll need to set at least one of those to true.

If the connector on 443 is supposed to be decoding SSL connections
there's a lot more config you'll need too.   See the link above.

> The above connectors work with the http framework but gives me the "mixed
> content warning" in IE because some requests are http and some https.

That's nothing to do with the Connectors per se.  If your web app is
mixing references to secure and insecure pages, you'll get that warning.

You need to fix your app so it does the right thing.


> It's obvious I have not worked with SSL very much. Any help would be greatly
> appreciated.
> Regards,
> John Ranaudo

View raw message