Hello again. Now that I have deployed my project on Tomcat 6.0.18 with a MySQL 5.1 db, I need to clamp the server down tight using SSL. I've already created my keystore file and I am able to get the server to serve on port 443 (by going to http://localhost:443). I can get it to Subsequent attempts to serve as https://localhost are proving not to be fruitful.
I have a webserver (tomcat) that is in development status that I want to clamp down. I am using a realm to log in using j_security_check to log in to the software. Right now what I want to do is install the Apache webserver and get it talking to tomcat (not hard). I created my keystore file and I know it works because I've tested it. What I need to know are these things (btw, if they are in the docs, please just say so and I'll look harder).

If I want to use SSL for each person logging into the instance (which is using Tomcat to serve), do I need to have SSL on both Apache webserver and Tomcat, just the webserver, or just tomcat? Right now, for example, if I go to http://server.com/[companyid] I get a simple login / pwd (using j_sec_chk). I'm using a realm configuration in my It's not using SSL. Following Tomcat's instructions, I have SSL configured on my test server, and it seems to run if I go to http://test.com:443/index.jsp. I get the default tomcat page. However, if I go to https://test.com/index.jsp, I get "cannot connect" or "website not responding"; I can't remember which one. Is this a simple configuration thing, or will this solve itself if I install the webserver and connect tc and apache web?

Second, since I am using j_security_check for login, are there native classes in tomcat that will allow me to utilize j_sec_chk and SSL? Is there another method of logging in that I should use? I can write my own custom classes, but I am not really clear on whether there is something better that is native. I'm looking at needing a "3 strikes and you're locked out" functionality across SSL. This is a simple "yes, there is a better way and it's part of tomcat", or "write your custom code". I'm not looking for the typical "please do it for me" requests that I normally see on dev / user lists.

Since each company has exactly ONE html page (which is only a welcome page), I honestly don't see the need to install the webserver except the fact that it is the right way of doing things.
Is my thinking off on this? For some reason, my brain is becoming like a sponge for tomcat configuration, so forgive me for asking a ton of questions. I'm reading both the tomcat documentation and an O'Reilly book on tomcat, and I want to get good enough at this that I can configure it in any environment. I really enjoy tomcat and want to become knowledgeable enough that I don't feel like such a newbie asking questions.

Any insight or direction would be greatly appreciated.

Warm regards,
Josh