SSL Tomcat and Apache.

[Jason Lanpher <jl...@stealthnetworking.com>]

Hi all,
       
      I have a question for all of you network admins out there.  I am
wondering if it is possible to share an ssl key between both Apache 2.X and
Tomcat 5.X if they are connected via mod jk.  Is this possible or does each
server have to have its own ssl key?
       

Thanks in advance for all of you thoughts on the matter.


Jason Lanpher

Re: SSL Tomcat and Apache.

[Filip Hanik - Dev Lists <de...@hanik.com>]

Jason Lanpher wrote:
> Hi all,
>        
>       I have a question for all of you network admins out there.  I am
> wondering if it is possible to share an ssl key between both Apache 2.X and
> Tomcat 5.X if they are connected via mod jk.  Is this possible or does each
> server have to have its own ssl key?
>   
you sure can share a key, but why do you need a SSL key for Tomcat if 
you are connecting to it using mod_jk?
mod_jk/AJP doesn't support SSL.

Filip
>        
>
> Thanks in advance for all of you thoughts on the matter.
>
>
> Jason Lanpher
>
>   
> ------------------------------------------------------------------------
>
> No virus found in this incoming message.
> Checked by AVG Free Edition. 
> Version: 7.5.472 / Virus Database: 269.8.15/848 - Release Date: 6/13/2007 12:50 PM
>   


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

RE: SSL Tomcat and Apache.

[Arian Abrahantes Quintana <Ar...@cern.ch>]

Hi:
 
I am not an expert but just a thought. Apache is proxing to tomcat (I assume that both at the same server) if this comunication is internal, the browser (user) just contact apache thru an enchripted comunication (https) and apache determines what to do, am I right? why do you need the internal comnication to be enchripted as well? If you make it posible (double enchription) you probably add double security to the user, a single one is not enought? And of course slowing the connection down.
 
hth,
 
arian

________________________________

From: Jason Lanpher [mailto:jlanpher@stealthnetworking.com]
Sent: Thu 6/14/2007 9:23 PM
To: users
Subject: SSL Tomcat and Apache.



Hi all,
      
      I have a question for all of you network admins out there.  I am
wondering if it is possible to share an ssl key between both Apache 2.X and
Tomcat 5.X if they are connected via mod jk.  Is this possible or does each
server have to have its own ssl key?
      

Thanks in advance for all of you thoughts on the matter.


Jason Lanpher

RE: SSL Tomcat and Apache.

[Nathan Hook <ho...@hotmail.com>]

You should be able to use the same key for both Apache and Tomcat.

However...

If you're using Apache to forward all requests to Tomcat via mod_jk then it 
is my understanding that you do not need SSL for Tomcat.

Apache would handle all the the ssl part and then forward a normal request 
to Tomcat via AJP.


Regards.



----Original Message Follows----
From: "Jason Lanpher" <jl...@stealthnetworking.com>
Reply-To: "Tomcat Users List" <us...@tomcat.apache.org>
To: users <us...@tomcat.apache.org>
Subject: SSL Tomcat and Apache.
Date: Thu, 14 Jun 2007 14:23:06 -0500

Hi all,

       I have a question for all of you network admins out there.  I am
wondering if it is possible to share an ssl key between both Apache 2.X and
Tomcat 5.X if they are connected via mod jk.  Is this possible or does each
server have to have its own ssl key?


Thanks in advance for all of you thoughts on the matter.


Jason Lanpher

_________________________________________________________________
PC Magazine’s 2007 editors’ choice for best Web mail—award-winning Windows 
Live Hotmail. 
http://imagine-windowslive.com/hotmail/?locale=en-us&ocid=TXT_TAGHM_migration_HM_mini_pcmag_0507


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org