You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Laurentiu Vasiescu <la...@tri-pen.ro> on 2005/02/14 14:25:59 UTC
tomcat + SSL, apache
Is there any way to have the Tomcat with SSL and a front-end Apache, wich should only serve as a interface between client and tomcat?
I mean tomcat should serve the certificates and do all the ssl, apache only to redirect traffic to it.
thanks.
Laurentiu Vasiescu
Network Administrator
S.A. Tri-Pen TravelMaster Technologies, SRL
Eastern Europe - Bucharest (Romania)
Office: +40 (31) 401 1152
+40 (31) 402 5027
Fax: +40 (21) 323 4357
E-mail: laurentiu.vasiescu@tri-pen.ro
Web: http://www.tri-pen.ro
--------------------------------------------------------------------------------------------
Confidentiality Notice: This email message, including any attachments,
is for the sole use of the intended recipient(s) and may contain confidential
and privileged information. Any unauthorized review, use, disclosure or
distribution is prohibited. If you are not the intended recipient, please
contact Tri-Pen TavelMaster Technologies at +40 (31) 401 1152 and destroy
all copies of the original message.
--------------------------------------------------------------------------------------------
Re: tomcat + SSL, apache
Posted by Jason Bainbridge <jb...@gmail.com>.
On Mon, 14 Feb 2005 15:25:59 +0200, Laurentiu Vasiescu
<la...@tri-pen.ro> wrote:
>
> Is there any way to have the Tomcat with SSL and a front-end Apache, wich
> should only serve as a interface between client and tomcat?
> I mean tomcat should serve the certificates and do all the ssl, apache only
> to redirect traffic to it.
> thanks.
Google for configuring Apache as a "Forward Proxy", I think that
should do what you want but not 100% sure.
Regards,
--
Jason Bainbridge
KDE - Conquer Your Desktop - http://kde.org
KDE Web Team - webmaster@kde
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: tomcat + SSL, apache
Posted by Wouter Boers <wg...@gmail.com>.
Don't think so. Apache takes on the connection and therefore is in
charge of the SSL handshake. So you will have to confiure apache to
support SSL.
They only way to make tomcat handle the handshake is to make it
directly available to the browser. But guess you allready kind of
suspected it :)
Regards, Wouter
On Mon, 14 Feb 2005 15:25:59 +0200, Laurentiu Vasiescu
<la...@tri-pen.ro> wrote:
>
> Is there any way to have the Tomcat with SSL and a front-end Apache, wich
> should only serve as a interface between client and tomcat?
> I mean tomcat should serve the certificates and do all the ssl, apache only
> to redirect traffic to it.
> thanks.
>
>
> Laurentiu
> Vasiescu
> Network Administrator
>
>
>
>
> S.A. Tri-Pen TravelMaster Technologies, SRL
> Eastern Europe - Bucharest (Romania)
> Office: +40 (31) 401 1152
> +40 (31) 402 5027
> Fax: +40 (21) 323 4357
> E-mail: laurentiu.vasiescu@tri-pen.ro
> Web: http://www.tri-pen.ro
>
>
>
> --------------------------------------------------------------------------------------------
> Confidentiality Notice: This email message, including any attachments,
> is for the sole use of the intended recipient(s) and may contain
> confidential
> and privileged information. Any unauthorized review, use, disclosure or
> distribution is prohibited. If you are not the intended recipient, please
> contact Tri-Pen TavelMaster Technologies at +40 (31) 401 1152 and destroy
> all copies of the original message.
> --------------------------------------------------------------------------------------------
>
>
>
>
>
>
--
Regards, Wouter Boers
business: http://www.abcdarium.nl
personal: http://www.ikke.net
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: tomcat + SSL, apache
Posted by Mladen Turk <ml...@jboss.com>.
Didier McGillis wrote:
> Actually I believe its the opposite. Apache serves the certificate the
> communication between Tomcat and Apache shouldnt be public anyway.
>
Apache makes the SSL handshake and passes any client certificate to
Tomcat. Any servlet sees that like it came directly from Tomcat.
Communication between apache and tomcat is not encrypted,
so if you are concerned about the security, put the apache on the
box with two NIC cards, and use the second for the
apache-tomcat communication.
AJP14 protocol will have encryption embedded, so until then :).
Mladen.
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
RE: tomcat + SSL, apache
Posted by Didier McGillis <co...@hotmail.com>.
Actually I believe its the opposite. Apache serves the certificate the
communication between Tomcat and Apache shouldnt be public anyway.
>From: "Laurentiu Vasiescu" <la...@tri-pen.ro>
>Reply-To: "Tomcat Users List" <to...@jakarta.apache.org>
>To: <to...@jakarta.apache.org>
>Subject: tomcat + SSL, apache Date: Mon, 14 Feb 2005 15:25:59 +0200
>
>Is there any way to have the Tomcat with SSL and a front-end Apache, wich
>should only serve as a interface between client and tomcat?
>I mean tomcat should serve the certificates and do all the ssl, apache only
>to redirect traffic to it.
>thanks.
>
>Laurentiu Vasiescu
>Network Administrator
>
> S.A. Tri-Pen TravelMaster Technologies, SRL
> Eastern Europe - Bucharest (Romania)
> Office: +40 (31) 401 1152
> +40 (31) 402 5027
> Fax: +40 (21) 323 4357
> E-mail: laurentiu.vasiescu@tri-pen.ro
> Web: http://www.tri-pen.ro
>
>
>
>
>--------------------------------------------------------------------------------------------
>Confidentiality Notice: This email message, including any attachments,
>is for the sole use of the intended recipient(s) and may contain
>confidential
>and privileged information. Any unauthorized review, use, disclosure or
>distribution is prohibited. If you are not the intended recipient, please
>contact Tri-Pen TavelMaster Technologies at +40 (31) 401 1152 and destroy
>all copies of the original message.
>--------------------------------------------------------------------------------------------
>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org