https server behind apache
Hi, I set up a virtual host for ssl in apache, www.sample.com, it uses mod_proxy to redirect to a tomcat server: ProxyPass / https://localhost:8443/ ProxyPassReverse / https://localhost:8443/ ProxyPreserveHost on SSLEngine on SSLProxyEngine on SSLCertificateFile /etc/httpd/sample.crt SSLCertificateKeyFile /etc/httpd/sample.key do I need a jks in the tomcat side? Thanks, Angelo -- View this message in context: http://old.nabble.com/https-server-behind-apache-tp32081628p32081628.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
ssl and host name not match
Hi, I got a virtual host: sample.com ... for some reason, the jks in the tomcat is for sample.com, when calling this server with httpclient, it always get: javax.net.ssl.SSLException: hostname in certificate didn't match: != even there is an alias sample.com. any fix on this? Thanks, Angelo -- View this message in context: http://old.nabble.com/ssl-and-host-name-not-match-tp32081887p32081887.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: ssl and host name not match
i opted for #3 and it works, thanks. awarnier wrote: > > AngeloChen wrote: >> Hi, >> >> I got a virtual host: >> >> > unpackWARs="true" autoDeploy="true" >> xmlValidation="false" xmlNamespaceAware="false" > >> sample.com >> ... >> >> for some reason, the jks in the tomcat is for sample.com, when calling >> this >> server with httpclient, it always get: >> >> javax.net.ssl.SSLException: hostname in certificate didn't match: >> != >> >> even there is an alias sample.com. >> >> any fix on this? Thanks, >> > There is no "fix" for this, because it is not a problem. The client and > the server are > working the way they should : > - the client connects to a server, thinking it is "www.sample.com" > - the server returns a certificate for the host "sample.com" > - the client sees that the certificate is not for the host that it > requested, so it gives > an error. > The in your configuration is just a way for Tomcat to handle the > request with the > corresponding virtual host. But it does not change the content of the > certificate. > > There are different ways to avoid the error : > a) have the client connect to "sample.com" instead. Because of the Alias, > the Tomcat > virtual host will be the same, and it will return a certficate for > "sample.com", so the > client will be happy too. > b) use a wildcard certificate for "*.sample.com" > c) change the certificate to be for "www.sample.com" > ... > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > -- View this message in context: http://old.nabble.com/ssl-and-host-name-not-match-tp32081887p32083029.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
upgrading from 6.0.20 to 6.0.35
hi, how easy is to upgrade? can i use the server.xml in 6.0.20 without changes in 6.0.35? thanks, angelo -- View this message in context: http://old.nabble.com/upgrading-from-6.0.20-to-6.0.35-tp32938729p32938729.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Does mod_dosevasive work in this situation?
Hi, I have tomcat running behind apache http server using mod_proxy, I'd like to stop some DOS attacks, and thinking of installing http://www.zdziarski.com/blog/?page_id=442 mod_evasive , is this effective considering all the traffic is being proxied to tomcat ? Thanks, Angelo -- View this message in context: http://old.nabble.com/Does-mod_dosevasive-work-in-this-situation--tp30505994p30505994.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
