You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "Tam, Michael" <mt...@PFC.Forestry.CA> on 2002/10/02 21:01:11 UTC
RE: SSL and mod_jk Problems on Tomcat 4.0.5 + Apache 1.3.26 (on L
inux RH 7.3)
I believe you have to make Tomcat to listen to port 443 instead of 8443 for
SSL then allow Apache to listen to port 443.
Hope this help.
Cheers,
Michael
-----Original Message-----
From: Gustavo Vegas [mailto:gustavo@colltech.com]
Sent: Wednesday, October 02, 2002 11:56 AM
To: tomcat-user@jakarta.apache.org
Subject: SSL and mod_jk Problems on Tomcat 4.0.5 + Apache 1.3.26 (on
Linux RH 7.3)
Hello everyone,
Here is my problem; I am trying to make SSL requests to Tomcat
through mod_jk, but they do not appear to work. I am even able to see
properly through plain HTTP those pages I want served by Tomcat through
SSL. When I use the https://hosts/directory/page.jsp, I get the source
code of the file. If I try using the 8443 port, it displays properly. I
am also using j2sdk version 1.4.1.
Here is the definition of the virtual host under Apache:
----------------------------------------------------------------------------
-------------------
<IfModule !mod_jk.c>
LoadModule jk_module libexec/mod_jk.so
</IfModule>
JkWorkersFile "/usr/local/apache/conf/workers.properties"
JkLogFile "/web/logs/mod_jk.log"
JkLogLevel debug
NameVirtualHost *
<IfDefine SSL>
# Should mod_jk send SSL information to Tomcat (default is On)
JkExtractSSL On
# What is the indicator for SSL (default is HTTPS)
JkHTTPSIndicator HTTPS
# What is the indicator for SSL session (default is SSL_SESSION_ID)
JkSESSIONIndicator SSL_SESSION_ID
# What is the indicator for client SSL cipher suit (default is SSL_CIPHER)
JkCIPHERIndicator SSL_CIPHER
# What is the indicator for the client SSL certificated (default is
SSL_CLIENT_C
ERT)
JkCERTSIndicator SSL_CLIENT_CERT
# Other needed settings
SSLOptions +StdEnvVars +ExportCertData
###############################################################
# (BEGIN) Definition of SSL host.company.com virtual host #
# NOTE: SSL Connections are only supported on IP-based virtual#
# hosts #
###############################################################
<VirtualHost 192.168.25.100:443>
ServerName host.company.com
ServerAdmin root@company.com
DocumentRoot /web/htdocs/host.company.com
ScriptAlias /cgi-bin/ /web/htdocs/host.company.com/www/cgi-bin/
DirectoryIndex index.html index.htm index.shtml index.shtm index.jsp
Alias /reports/ /web/htdocs/host.company.com/reports
JkAutoAlias /export/home/host.company.com
SSLEngine On
SSLCertificateFile /usr/local/XXX/certs/host.company.com.cert
SSLCertificateKeyFile /usr/local/XXX/keys/host.company.com.com.key
SSLCipherSuite
ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
Alias /pfctestssl "/web/htdocs/host.company.com/ssl"
JkMount /pfctestssl/*.jsp ajp13
JkMount /pfctestssl/* ajp13
JkMount /pfctestssl/*.do ajp13
JkMount /pfctestssl/manager ajp13
JkMount /pfctestssl/manager/* ajp13
JkMount /pfctestssl/*/*.jsp ajp13
JkMount /pfctestssl/*/* ajp13
JkMount /pfctestssl/*/*.do ajp13
JkMount /pfctestssl/*/manager ajp13
JkMount /pfctestssl/*/manager/* ajp13
<Location "/pfctestssl/WEB-INF/">
</Location>
<Location "/pfctestssl/WEB-INF/">
AllowOverride None
Deny from all
</Location>
ErrorLog /web/logs/host.company.com/ssl_error_log
CustomLog /web/logs/host.company.com/ssl_access_log combined
TransferLog /web/logs/host.company.com/ssl_transfer_log
</VirtualHost>
###############################################################
# (END) Definition of SSL host.company.com virtual host #
# ##############################################################
</IfDefine>
----------------------------------------------------------------------------
-------------------
I believe this to be a problem with jk_mod not understanding what to do
with the requests for these pages. I even tried to tell it to pass such
requests by adding wildcards for the subdirectories under the ssl
directory, but it did not work. Any help on this issue would be highly
appreciated. BTW, all other configuration bits seem to work. This was
actually working prior to us getting Tomcat talking to a database
server, but this would be extremely weird if it prevents mod_jk from
talking SSL. That is why I am not including any other configuration
files here. If need be, I will post any additional information that
people may want to take a look at.
Thanks,
-- Gustavo Vegas.
--
To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
For additional commands, e-mail:
<ma...@jakarta.apache.org>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>