You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Andrew Bubnic <an...@channelmarketing.com.au> on 2006/04/26 02:29:05 UTC

Tomcat + IIS + SSL

Hi,

 

We are currently running tomcat on port 8080 and IIS 6 on port 80, and
depending on what directory the user selects, e.g
http://www.blah.com/redirectToTomcat

 

The request gets forwarded to the appropriate tomcat webapp on port
8080. We are using the Jakarta Isapi Redirector isapi_redirect.dll to do
this. This has worked fine for months.

 

The second I uncomment this section in tomcat's server.xml:

 

    <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->

    <!--

    <Connector port="8443" 

               maxThreads="150" minSpareThreads="25"
maxSpareThreads="75"

               enableLookups="false" disableUploadTimeout="true"

               acceptCount="100" scheme="https" secure="true"

               clientAuth="false" sslProtocol="TLS" />

    -->

IIS redirection hangs. Accessing tomcat webapp using :8080 still works,
but IIS does not forward to it any longer. I also tried changing the
connector port from 8443 to 9443 but same problem. 

 

To be honest, I'm not sure if I should use an SSL certificate for IIS
and somehow have it take care of security, or to simply add it to the
8443 connector in Tomcat. (that's a less important story)

 

What I really need to know is how to make them work together using
https, with the minimum being IIS redirecting say https://...../blahblah
to tomcat https://.....:8443/blahblah. I've tried this and get the
hanging problem as described above. I've gotten tomcat to work fine with
SSL on my development machine (which does not have IIS redirection at
all) but not on our server which does use IIS.

 

Unfortunately I haven't been able to find anything very useful on this
on Google/forums etc and have minimum time frames to play around testing
different options on the server.

 

I'd appreciate any help/ideas. Thanks.

RE: Tomcat + IIS + SSL

Posted by Tim Lucia <ti...@yahoo.com>.
You should use the AJP connector to communicate between IIS
(isapi_redirect.dll) and Tomcat (via JK).  Let IIS handle the web, ssl, and
port problems. 

Tim

-----Original Message-----
From: Andrew Bubnic [mailto:andrew@channelmarketing.com.au] 
Sent: Tuesday, April 25, 2006 8:29 PM
To: users@tomcat.apache.org
Subject: Tomcat + IIS + SSL

Hi,

 

We are currently running tomcat on port 8080 and IIS 6 on port 80, and
depending on what directory the user selects, e.g
http://www.blah.com/redirectToTomcat

 

The request gets forwarded to the appropriate tomcat webapp on port
8080. We are using the Jakarta Isapi Redirector isapi_redirect.dll to do
this. This has worked fine for months.

 

The second I uncomment this section in tomcat's server.xml:

 

    <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->

    <!--

    <Connector port="8443" 

               maxThreads="150" minSpareThreads="25"
maxSpareThreads="75"

               enableLookups="false" disableUploadTimeout="true"

               acceptCount="100" scheme="https" secure="true"

               clientAuth="false" sslProtocol="TLS" />

    -->

IIS redirection hangs. Accessing tomcat webapp using :8080 still works,
but IIS does not forward to it any longer. I also tried changing the
connector port from 8443 to 9443 but same problem. 

 

To be honest, I'm not sure if I should use an SSL certificate for IIS
and somehow have it take care of security, or to simply add it to the
8443 connector in Tomcat. (that's a less important story)

 

What I really need to know is how to make them work together using
https, with the minimum being IIS redirecting say https://...../blahblah
to tomcat https://.....:8443/blahblah. I've tried this and get the
hanging problem as described above. I've gotten tomcat to work fine with
SSL on my development machine (which does not have IIS redirection at
all) but not on our server which does use IIS.

 

Unfortunately I haven't been able to find anything very useful on this
on Google/forums etc and have minimum time frames to play around testing
different options on the server.

 

I'd appreciate any help/ideas. Thanks.

 

 



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org