RE: SSL support for Tomcat 3.2.1 with IIS

[Svensson Stefan <st...@wmdata.com>]

Hi,

I have just tried out SSL with Windows 2000, IIS 5 and Tomcat 3.2.1
succesfully (at least partially).

As you are using IIS to serve http/https requests you are installing the
certificate and configure SSL in the IIS. It's very easy, just use the
Server Certificate Wizard to request and install a certificate (Properties,
Directory Security).

No configuration is required in Tomcat.

It seems that you can only set "Require secure channel" (edit button on the
Directory Security tab), to allow only https access, on root and virtual
directorys, i. e the whole web application. It doesn't work if you set in on
individual jsp-files or subdirectories (whats the difference compared to a
virtual directory, because the virtual directory corresponds to a context in
Tomcat or?!). It seems that the ISAPI filter processes the jsp-file before
IIS understand that it shouldn't be accesible through normal http.

But you can programmatically control this through checking with
"request.isSecure()" in your jsp-files if you for some reason don't whant
the whole web application to require https, just parts of it.

Best regards,
/Stefan Svensson


> Date: Mon, 21 May 2001 11:30:43 -0400
> To: "tomcat-user" <to...@jakarta.apache.org>
> From: "Hawkins, Keith (Keith)" <kp...@avaya.com>
> Subject: SSL support for Tomcat 3.2.1 with IIS 
> Message-ID: >>
<EF...@nj7460avexu2.global.avaya.com>

> If one is deploying ISS + Tomcat 3.2.1,  what is required to
> support SSL connections via HTTPS?
>
> Is the configuration done in ISS,   Tomcat,  or both?
>
> Thanks,
> Keith