You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "Stephen A. Cochran Lists" <st...@cahir.net> on 2006/06/13 19:36:04 UTC
Tomcat5, Apache, mod_jk, and SSL
Looks like this is a common subject, but I haven't seen anyone
talking about actually passing the SSL env variables to Tomcat.
Here's my setup:
httpd 2.0.x
Tomcat 5.5.x
mod_jk
Both Tomcat and Apache work over SSL when accessed directly (443, and
8443 respectively). the JkMounts are forwarded correctly from apache
to tomcat.
But Tomcat doesn't seem to be receiving the SSL env vars from Apache.
The debug log for mod_jk shows the actual request that is passed, but
isn't showing anything about the env vars.
Below is my mod_jk.conf (which is in included in httpd.conf). Any
ideas how to get the SSL vars passed so Tomcat can still do the
client cert verification?
Steve
LoadModule jk_module /usr/lib/httpd/modules/mod_jk.so
JkWorkersFile /etc/httpd/conf/workers.properties
JkLogFile /var/log/httpd/mod_jk.log
JkLogLevel debug
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
JkRequestLogFormat "%w %V %T"
# JkOptions indicate to send SSL KEY SIZE,
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
# Should mod_jk send SSL information to Tomact (default is On)
JkExtractSSL On
# What is the indicator for SSL (default is HTTPS)
JkHTTPSIndicator HTTPS
# What is the indicator for SSL session (default is SSL_SESSION_ID)
JkSESSIONIndicator SSL_SESSION_ID
# What is the indicator for client SSL cipher suit (default is
SSL_CIPHER)
JkCIPHERIndicator SSL_CIPHER
# What is the indicator for the client SSL certificated (default is
SSL_CLIENT_C
ERT)
JkCERTSIndicator SSL_CLIENT_CERT
# Send servlet for context / jsp-examples to worker named worker1
JkMount /jsp-examples worker1
# Send JSPs for context /jsp-examples/* to worker named worker1
JkMount /jsp-examples/* worker1
# redirect of shibboleth
JkMount /shibboleth-idp/* worker1
# CAS
JkMount /cas/* worker1
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org