You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by John MccLain <jm...@tcshealthcare.com> on 2004/02/27 19:59:55 UTC
round trip SSL question
What we want to do is have round trip, SSL encryption when our clients use
our webapps AND not have the port number as part of the URL. There are 3
scenarios:
1) Our client is using IIS to serve their current webapps some of these
apps could be employing SSL. How do we insure that JSPs and Servlets that
are redirected to Tomcat are talking with IIS securely encrypted? I
understand that typical redirection from IIS to tomcat is always decrypted,
cleartext.
2) Our client is using IIS to serve their current webapps none of their
apps employ ssl. Can (and should) we setup IIS and Tomcat so that SSL
requests go directly to Tomcat (Tomcat talks to client directly when SSL
request issued) and standard HTTP requests goto IIS?
3) Our client does NOT want to use IIS how do you setup tomcat to be a
secure webapp server? (this is not as big a problem as numbers 1 and 2)
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org