Return-Path: 
 <users-return-229226-apmail-tomcat-users-archive=tomcat.apache.org@tomcat.apache.org>
X-Original-To: apmail-tomcat-users-archive@www.apache.org
Delivered-To: apmail-tomcat-users-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 26EF77899
	for <apmail-tomcat-users-archive@www.apache.org>;
 Wed,  9 Nov 2011 12:22:57 +0000 (UTC)
Received: (qmail 79880 invoked by uid 500); 9 Nov 2011 12:22:54 -0000
Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org
Received: (qmail 79709 invoked by uid 500); 9 Nov 2011 12:22:53 -0000
Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@tomcat.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@tomcat.apache.org>
List-Post: <mailto:users@tomcat.apache.org>
List-Id: <users.tomcat.apache.org>
Reply-To: "Tomcat Users List" <users@tomcat.apache.org>
Delivered-To: mailing list users@tomcat.apache.org
Received: (qmail 79696 invoked by uid 99); 9 Nov 2011 12:22:53 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 09 Nov 2011 12:22:53 +0000
X-ASF-Spam-Status: No, hits=-0.7 required=5.0
	tests=RCVD_IN_DNSWL_LOW,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of pid@pidster.com designates
 74.125.82.173 as permitted sender)
Received: from [74.125.82.173] (HELO mail-wy0-f173.google.com) (74.125.82.173)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 09 Nov 2011 12:22:45 +0000
Received: by wyh22 with SMTP id 22so1989447wyh.18
        for <users@tomcat.apache.org>; Wed, 09 Nov 2011 04:22:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=pidster.com; s=google;
        h=message-id:date:from:reply-to:organization:user-agent:mime-version
         :to:subject:references:in-reply-to:x-enigmail-version:openpgp
         :content-type;
        bh=lkrNVrh+uDcIRyX/WcvhFzm22LbveMHu3Pc7hmY14JY=;
        b=fN2XAwJQiBNW4PKOacOWkxLu9zaAYIRhM1K6VXOKo9EbPyGoichypbXJIKRTnLVWDo
         Kz//Slauul/+kLmWXS9kZPsalpz08cclW9zwuam9AXLMw3GIElqACueQHV6/Zys22pWL
         ZHwbkFFMqfJ2jbul4toibsxUpGy4oQbZSFBqw=
Received: by 10.180.81.163 with SMTP id b3mr2519456wiy.20.1320841345019;
        Wed, 09 Nov 2011 04:22:25 -0800 (PST)
Received: from Asura.local (host81-134-96-109.in-addr.btopenworld.com.
 [81.134.96.109])
        by mx.google.com with ESMTPS id k5sm2755415wiz.9.2011.11.09.04.22.23
        (version=SSLv3 cipher=OTHER);
        Wed, 09 Nov 2011 04:22:24 -0800 (PST)
Message-ID: <4EBA707F.1070405@pidster.com>
Date: Wed, 09 Nov 2011 12:22:23 +0000
From: Pid <pid@pidster.com>
Reply-To: pid@pidster.com
Organization: Pidster Inc
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7;
 rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1
MIME-Version: 1.0
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: SSL for modjk and tomcat
References: 
 <CAKJnvaPXPH9Wj0iXw3z1e8z37N68u7YMzv7pGt-=tDHB0YSH9A@mail.gmail.com>
 <4EBA5342.7040706@ice-sa.com>
 <CAKJnvaOWpzqeoZYB9qDSgRmAKjcQy_BMn=pbe5LFLE4Y7RNbjg@mail.gmail.com>
In-Reply-To: 
 <CAKJnvaOWpzqeoZYB9qDSgRmAKjcQy_BMn=pbe5LFLE4Y7RNbjg@mail.gmail.com>
X-Enigmail-Version: 1.3.2
OpenPGP: id=62590808
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="------------enigFF7933C4D6E4F4A67FF1215A"
X-Virus-Checked: Checked by ClamAV on apache.org

--------------enigFF7933C4D6E4F4A67FF1215A
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On 09/11/2011 11:20, Harsimranjit singh Kler wrote:

Please don't top-post.

> hi
>=20
> Thanks for reply.
>=20
> There are some parameters whate they are for i saw like:
> :
>=20
>=20
>=20
> JkExtractSSL On
>=20
> JkHTTPSIndicator HTTPS
>=20
> JkSESSIONIndicator SSL_SESSION_ID
>=20
> JkCIPHERIndicator SSL_CIPHER
>=20
> JkCERTSIndicator SSL_CLIENT_CERT
> and
>=20
>=20
> JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
>=20
> JkExtractSSL
>=20
> etc etc
>=20
> these are not helpful?

They are helpful and do serve a purpose.

Whether that has any bearing on your problem is a different matter
altogether.  You might consider explaining more clearly what you are
trying to achieve.


> and some one post like this:
>=20
> http://ask.metafilter.com/53101/How-do-I-force-HTTPS-in-Tomcat-through-=
Apache-and-modjk
>=20
> is also wrong?

Have you read any of the Tomcat documentation, or are you just googling?


p


> On Wed, Nov 9, 2011 at 3:47 PM, Andr=E9 Warnier <aw@ice-sa.com> wrote:
>=20
>> Harsimranjit singh Kler wrote:
>>
>>> Hi
>>> I am using httpd 2.2.17 modjk 1.2.30 tomcat 6.0.I want to enable SSL =
in my
>>> setup.
>>>
>>> i Am able to successfully on httpd.but there is lot of confusion how =
to
>>> enable between httpd to AJP  & AJP to tomcat.
>>>
>>> There is no confusion. You can't do that. There is no SSL variant of =
the
>> AJP protocol.
>>
>>
>> There is not specific documentation also.
>>>
>>
>> For the same reason.
>>
>>
>>
>>> 1) what are step for modjk configurations?
>>> 2)Is AJP support SSL?
>>>
>>
>> No. That should have been the first question.
>>
>>
>> 3)Changes in server.xml for AJP port to support SSL requests via modjk=
?
>>>
>>> None, see above.
>>
>> Note : what you /can/ do, is to use mod_jk to pass all relevant SSL
>> information about the original client<->Apache connection, to Tomcat, =
via
>> HTTP headers.
>>
>> Additional note : of course, if you would really must do this, you cou=
ld
>> still run the mod_jk-to-Tomcat connection over an SSL tunnel.  But tha=
t
>> would be something set up totally outside of Apache, Tomcat and their
>> configuration.
>> E.g.
>>
>> browser <-- HTTPS -->  apache + mod_jk -> localhost:localport1
>>
>> localport1 <-- SSL tunnel --> remoteport1 --> remote AJP port 8009 -->=

>> Tomcat
>>
>> ------------------------------**------------------------------**------=
---
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.**apache.org<users-un=
subscribe@tomcat.apache.org>
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>=20


--=20

[key:62590808]


--------------enigFF7933C4D6E4F4A67FF1215A
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCgAGBQJOunB/AAoJEGoM2OGpOvr9x1cQAI89txFTFRZsFsTkXnoyj+NW
5DrMB6QT/JN/10XrF+MmLab+htXyiHcsNGYdRzfbWj6uMJyouedh+MMk/INHeCK4
dvcv5AfnuzJrLRxjcTnx8imIz8phUnokiUbcR1BBHon+gCP5OQADxNug+87IZ+1S
GS/kgkYpzuKW8AfS8WVa6+AmYPsTLfiO7l0Cu7eGCxobFbmonGU0KOdXm8sgD8VG
m6gIEOcuYsOMgKRjSYkREUhST9R6ydsWDxBR6vI9NDjnmcM11n3IE0pR8+HDaNk0
cgP9x8aHLQW8znb9dfON189FZcafZa3FiNNBwqM7CEGmlHV2rb3iY8uQZsnkuwSr
cA0EyM4TzEnblblPR27K1BvB58AlaA5uxm9ECrazbELKZJy8Y9yDtxq0OJfcMKzE
3SJXWzDFBv89bCaigfQ9riZYEEuwU4NmK0+Ennt2ebIpiqZtocAyUy/6vHDbhZ0N
vUtygAcVz24sGwpAeakLZyZtpxw3ksW+vSSea5v511g+l2wz03u/6q5in8MhPdLa
7G5A3I2VJw3nndhWWaFRFKlRurwREx0joUkn8Jab9rldqf6L+qaoklWccMvx6dwx
NZ9pR00F7IhdUickZbAF2p2IprHMH1OC16ohAu8Gkz87/MyuDgeEPk8UqMRR76Aa
nkQMPyTU4B0cKndmsmoQ
=yu7n
-----END PGP SIGNATURE-----

--------------enigFF7933C4D6E4F4A67FF1215A--