tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: mod_proxy SSL protocol support for balancermember
Date Fri, 07 Dec 2012 17:07:40 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Arun,

On 12/7/12 11:34 AM, Arunkumar Janarthanan wrote:
> Thanks for the response Gentlemen, I am not really particular about
> the AJP for secure communication as long as I can use https that
> should work for me, the reason for specific secure communication
> between Apache and Tomcat is the PCI compliance enforcing us not to
> have any other protocol other than https.

I didn't realize that PCI required HTTPS for all communications
(actually, I have a hard time believing that, since not all CC
communications even use HTTP... like over a dial-up device).

But, if you must use HTTPS, then you've going to have to abandon AJP.

The configuration posted by Vladimir is pretty much the simplest thing
you could possibly do. If you want to use a self-signed certificate
from httpd->Tomcat, you may have to make arrangements for httpd to
trust that certificate.

If you want to forward the original SSL information back to Tomcat,
you're going to have to read about the various configuration
environment variables for mod_proxy_http and set them appropriately.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iEYEAREIAAYFAlDCIlwACgkQ9CaO5/Lv0PCkhQCfXLyIyyiqlsSVoy3hl/avezBG
YigAoJOOoMTtr9GCpVbNghYqPWuXWbIf
=CcH7
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message