You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Dave Weis <dj...@businessolver.com> on 2001/04/09 18:40:35 UTC
ssl with apache
I've got Tomcat 3.2.1 working fine with apache via http, but can't get
it to do ssl properly.
Is there a minimum version of mod_ssl that needs to be used? The
signature of my server is Apache/1.3.9 Ben-SSL/1.37 Server. Adding the
line "SSLOptions +StdEnvVars +ExportCertData" from the howto at
http://jakarta.apache.org/tomcat/jakarta-tomcat/src/doc/tomcat-ssl-howto.html
gives an error at startup.
This is what I have in my httpsd.conf file
JkWorkersFile /usr/local/jakarta-tomcat-3.2.1/conf/workers.properties
JkLogFile /usr/local/jakarta-tomcat-3.2.1/logs/mod_jk.log
JkLogLevel warning
# Should mod_jk send SSL information to Tomact (default is On)
JkExtractSSL On
# What is the indicator for SSL (default is HTTPS)
JkHTTPSIndicator HTTPS
# What is the indicator for SSL session (default is SSL_SESSION_ID)
JkSESSIONIndicator SSL_SESSION_ID
# What is the indicator for client SSL cipher suit (default is
SSL_CIPHER)
JkCIPHERIndicator SSL_CIPHER
# What is the indicator for the client SSL certificated (default is
SSL_CLIENT_CERT)
JkCERTSIndicator SSL_CLIENT_CERT
Inside of a vhost:
JkMount /mydir/servlet/* ajp13
JkMount /mydir/*.jsp ajp13
This does all work with the non-ssl version.
dave
--
Dave Weis
Re: ssl with apache
Posted by Dave Weis <dj...@businessolver.com>.
Alexander Banthien wrote:
> did you get it to work finally? What you said, made my setup run.
>
> Assuming you did manage to get it to run: did yu ever try to access the SSL-Data
> (e.g SSL_SESSION_ID) from within your web-app? I have to do this and do not
> really know how to.
>
> As far as I could see (sniffing in the network), some additional data are
> transferred from apache to tomcat via ajp13. But they are rather cryptic, I can't
> interpret them.
No, I didn't get it running. What I was doing now didn't require SSL but
I will probably end up trying to get mod_ssl running instead of
apache-ssl. We are using the stronghold server.
dave
> Dave Weis schrieb:
>
> > I've got Tomcat 3.2.1 working fine with apache via http, but can't get
> > it to do ssl properly.
> >
> > Is there a minimum version of mod_ssl that needs to be used? The
> > signature of my server is Apache/1.3.9 Ben-SSL/1.37 Server. Adding the
> > line "SSLOptions +StdEnvVars +ExportCertData" from the howto at
> > http://jakarta.apache.org/tomcat/jakarta-tomcat/src/doc/tomcat-ssl-howto.html
> > gives an error at startup.
> >
> > This is what I have in my httpsd.conf file
> >
> > JkWorkersFile /usr/local/jakarta-tomcat-3.2.1/conf/workers.properties
> > JkLogFile /usr/local/jakarta-tomcat-3.2.1/logs/mod_jk.log
> > JkLogLevel warning
> >
> > # Should mod_jk send SSL information to Tomact (default is On)
> > JkExtractSSL On
> > # What is the indicator for SSL (default is HTTPS)
> > JkHTTPSIndicator HTTPS
> > # What is the indicator for SSL session (default is SSL_SESSION_ID)
> > JkSESSIONIndicator SSL_SESSION_ID
> > # What is the indicator for client SSL cipher suit (default is
> > SSL_CIPHER)
> > JkCIPHERIndicator SSL_CIPHER
> > # What is the indicator for the client SSL certificated (default is
> > SSL_CLIENT_CERT)
> > JkCERTSIndicator SSL_CLIENT_CERT
> >
> > Inside of a vhost:
> >
> > JkMount /mydir/servlet/* ajp13
> > JkMount /mydir/*.jsp ajp13
> >
> > This does all work with the non-ssl version.
--
Dave Weis
businessolver, Inc.
djweis@businessolver.com
http://www.businessolver.com/
Re: ssl with apache
Posted by Alexander Banthien <ba...@justec.de>.
Hi Dave,
did you get it to work finally? What you said, made my setup run.
Assuming you did manage to get it to run: did yu ever try to access the SSL-Data
(e.g SSL_SESSION_ID) from within your web-app? I have to do this and do not
really know how to.
As far as I could see (sniffing in the network), some additional data are
transferred from apache to tomcat via ajp13. But they are rather cryptic, I can't
interpret them.
Grateful for any hints,
Alexander
Dave Weis schrieb:
> I've got Tomcat 3.2.1 working fine with apache via http, but can't get
> it to do ssl properly.
>
> Is there a minimum version of mod_ssl that needs to be used? The
> signature of my server is Apache/1.3.9 Ben-SSL/1.37 Server. Adding the
> line "SSLOptions +StdEnvVars +ExportCertData" from the howto at
> http://jakarta.apache.org/tomcat/jakarta-tomcat/src/doc/tomcat-ssl-howto.html
> gives an error at startup.
>
> This is what I have in my httpsd.conf file
>
> JkWorkersFile /usr/local/jakarta-tomcat-3.2.1/conf/workers.properties
> JkLogFile /usr/local/jakarta-tomcat-3.2.1/logs/mod_jk.log
> JkLogLevel warning
>
> # Should mod_jk send SSL information to Tomact (default is On)
> JkExtractSSL On
> # What is the indicator for SSL (default is HTTPS)
> JkHTTPSIndicator HTTPS
> # What is the indicator for SSL session (default is SSL_SESSION_ID)
> JkSESSIONIndicator SSL_SESSION_ID
> # What is the indicator for client SSL cipher suit (default is
> SSL_CIPHER)
> JkCIPHERIndicator SSL_CIPHER
> # What is the indicator for the client SSL certificated (default is
> SSL_CLIENT_CERT)
> JkCERTSIndicator SSL_CLIENT_CERT
>
> Inside of a vhost:
>
> JkMount /mydir/servlet/* ajp13
> JkMount /mydir/*.jsp ajp13
>
> This does all work with the non-ssl version.
>
> dave
>
> --
> Dave Weis
--
------------------------------------------------
Alexander Banthien banthien@justec.de
JusTec GmbH +49 761 401269 41
Haslacher Str. 126 +49 761 401269 13 (Fax)
79115 Freiburg Germany
------------------------------------------------