tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Caldarale, Charles R" <Chuck.Caldar...@unisys.com>
Subject RE: Is SSL keystore with AJP connector possible?
Date Thu, 19 Jan 2012 00:39:46 GMT
> From: mandg [mailto:gscanga@federatedinv.com] 
> Subject: Is SSL keystore with AJP connector possible?

> I see that the AJP/1.3 connector is configured and not APR.

APR will be used automatically for HTTP <Connector>s if the tcnative-1.dll file is found
in Tomcat's bin directory and the APR listener is present in server.xml (which it is by default).

> I followed the Tomcat instructions for configuring SSL.

There are two sets of instructions for configuring SSL; one for APR, another for the pure
Java ones.  The two configurations are completely different.

> can I use a keystore for the AJP type of connector?

SSL cannot be configured for AJP, since the expectation is that anything talking to Tomcat
via AJP is doing so over a private, secure network.  If you are using a front end (e.g., httpd,
IIS) communicating via AJP with Tomcat, the SSL termination point would normally be in the
front end, not within Tomcat.

Read the <Connector> documentation first, then the SSL doc.

http://tomcat.apache.org/tomcat-6.0-doc/config/http.html
http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html
http://tomcat.apache.org/tomcat-6.0-doc/apr.html#HTTPS

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus
for use only by the intended recipient. If you received this in error, please contact the
sender and delete the e-mail and its attachments from all computers.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message