SSL setup Apache -> Tomcat

[Denise Mangano <De...@complusdata.com>]

Ok, I  have been reading through the archives of this list and this is not
good....

I have one registered domain for which I purchased a certificate for.
Apache is set up to use this certificate, and I can access my Apache app
through https://.  Now I added some JSP to my site, and I need this JSP to
be secure as well.  I've seen this mentioned a number of times, and as you
guess when I try to access https://mydomain.com/mywebapps the server
infinitely hangs.  I just finished reading how SSL from Apache to Tomcat is
not implemented...  Is this true?  Is the scenario I want not possible?

Can I set up my certificate separately in the Tomcat config files? Will this
work?  The Apache app processes a server side transaction and on the last
page the connection to my backend system is ended as the last page is
loaded.  This last page has a link that when clicked, only sends 2
non-critical variables to my JSP.  But as I mentioned I need this JSP to be
secure.  ... so even if the SSL connection is broken, then renewed on the
Tomcat side, that would be sufficient (both are under same domain name, and
on same physical box)... Any suggestions?

Thanks!

Btw...where is everyone today? Does the whole world besides me get off early
on Friday's?? ; )

Denise Mangano

--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

Re: SSL setup Apache -> Tomcat

[Chris McCabe <ch...@choicehotels.com>]

You should be able to get Tomcat and Apache to work together with SSL by 
using the JK connector.  In our experience, the JK connector is the only 
one that works.  The webapp connector truncates pages, and the JK2 
connector just does not work with https connections for some reason.

Keep in mind that when using Tomcat, you have one of the following 
situations:

Internet -> Tomcat -> Servlet
or
Internet -> Apache -> Tomcat -> Servlet

You only need SSL between the Internet and whatever is talking to it, so 
if you are using Apache, it is the only piece that needs to talk SSL 
unless your Apache -> Tomcat connection also goes over the internet 
(unlikely).  So don't worry about SSL within Tomcat.

You should be able to put your JkMount and LoadModule statements at the 
top level of your httpd.conf file and have it work for both http and 
https connections.  It seems to work that way for us anyway.

Chris

Denise Mangano wrote:

>Ok, I  have been reading through the archives of this list and this is not
>good....
>
>I have one registered domain for which I purchased a certificate for.
>Apache is set up to use this certificate, and I can access my Apache app
>through https://.  Now I added some JSP to my site, and I need this JSP to
>be secure as well.  I've seen this mentioned a number of times, and as you
>guess when I try to access https://mydomain.com/mywebapps the server
>infinitely hangs.  I just finished reading how SSL from Apache to Tomcat is
>not implemented...  Is this true?  Is the scenario I want not possible?
>
>Can I set up my certificate separately in the Tomcat config files? Will this
>work?  The Apache app processes a server side transaction and on the last
>page the connection to my backend system is ended as the last page is
>loaded.  This last page has a link that when clicked, only sends 2
>non-critical variables to my JSP.  But as I mentioned I need this JSP to be
>secure.  ... so even if the SSL connection is broken, then renewed on the
>Tomcat side, that would be sufficient (both are under same domain name, and
>on same physical box)... Any suggestions?
>
>Thanks!
>
>Btw...where is everyone today? Does the whole world besides me get off early
>on Friday's?? ; )
>
>Denise Mangano
>
>--
>To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
>For additional commands, e-mail: <ma...@jakarta.apache.org>
>
>  
>

-- 
Chris P. McCabe  - Principal Engineer
Choice Hotels International - Information Technology
chris_mccabe@choicehotels.com 602-953-4416






--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>