tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject Re: SSl Query-- please help
Date Sun, 21 Oct 2012 10:08:27 GMT
Thanks André for such a elaborate reply.
Just want to check another thing, is it possible to setup SSL at  tomcat level using mod_proxy
module.. But i think it does not work in load balancing case. Does my understanding is correct??

Thanks for your support,

On Oct 20, 2012, at 7:21 PM, André Warnier <> wrote:

> vivek aggarwal wrote:
>> Hello All,
>> I need to setup the SSL over my tomcat ,which i am able to do it by generating Self
signed certificate using Keytool
>> But when  i am redirecting the request form apache using "mod_jk "module its not
>> I am not sure how to make Apache & Tomcat work in SSL when using Mod_jk module
as i need load balancing
>> Can someone please share the steps for doing ssl setup when apache is used along
with Tomcat
> A simplified graphical view of the recommended setup :
> browser <- HTTPS -> Apache + mod_jk <- AJP -> Tomcat-1 (AJP Connector)
>                                    <- AJP -> Tomcat-2 (AJP Connector)
>                                    ...
>                                    <- AJP -> Tomcat-n (AJP Connector)
> In other words, you should handle the HTTPS/SSL at the front-end Apache httpd level,
not at the Tomcat level.  (This is also sometimes called "terminating SSL at the Apache level").
> The reason is that the AJP protocol does not support HTTPS/SSL (so, there is no way to
set up the AJP Connector in Tomcat for SSL) (and no way to set up mod_jk to "talk SSL to Tomcat").
> What the Apache/mod_jk combination can do however, is pass on all the required SSL headers
of the original requests to Tomcat, over the AJP connection, so that a Tomcat application
could make use of them.
> To see how to set up Apache for SSL, check the Apache httpd on-line documentation.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message