One more thing. Here is my server.xml information that is relevant:

<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" SSLRandomSeed="builtin" />
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
           minSpareThreads="5" maxSpareThreads="75"
           enableLookups="true" disableUploadTimeout="true"
           acceptCount="100" maxThreads="200"
           scheme="https" secure="true"
           keystoreFile="C:\Documents and Settings\Zeus\.keystore"
           keystorePass="likeIdpostit"
           clientAuth="false" sslProtocol="TLS"/>

On Fri, Jul 24, 2009 at 10:25 PM, Josh Gooding <josh.good...@gmail.com> wrote:

> Hello again.
>
> Now that I have deployed my project on Tomcat 6.0.18 with a MySQL 5.1 db, I
> need to clamp the server down tight using SSL. I've already created my
> keystore file and I am able to get the server to serve on port 443 (by going
> to http://localhost:443). I can get it to Subsequent attempts to serve as
> https://localhost are proving not to be fruitful.
>
> I have a webserver (tomcat) that is in development status that I want to
> clamp down. I am using a realm to login using j_security_check to login to
> the software. Right now what I want to do is install the Apache webserver
> and get it talking to tomcat (not hard). I created my keystore file and I
> know it works because I've tested it. What I need to know are these things
> (btw, if they are in the docs, please just say so and I'll look harder)
>
> If I want to use SSL for each person logging into the instance (which is
> using Tomcat to serve) do I need to have SSL on both Apache webserver and
> Tomcat, just the webserver, or just tomcat?
>
> Right now for example, if I go to http://server.com/[companyid] I get a
> simple login / pwd (using j_sec_chk). I'm using a realm
> configuration in my It's not using SSL. Following Tomcat's instructions, I
> have SSL configured on my test server, and it seems to run if I go to
> http://test.com:443/index.jsp. I get the default tomcat page. However if
> I go to https://test.com/index.jsp, I get "cannot connect or website not
> responding" I can't remember which one. Is this a simple configuration
> thing or will this solve itself if I install the webserver and connect tc
> and apache web?
>
> Second, since I am using j_security_check for login, are there native
> classes in tomcat that will allow me to utilize j_sec_chk and SSL? Is there
> another method of logging in that I should use? I can write my own custom
> classes, but I am not really clear on if there is something better that is
> native. I'm looking at needing a 3 strikes and you're locked out
> functionality across SSL. This is a simple yes there is a better way and
> it's part of tomcat, or write your custom code. I'm not looking for the
> typical "please do it for me" requests that I normally see on dev / user
> lists.
>
> Since each company has exactly ONE html page (which is only a welcome
> page), I honestly don't see the need to install the webserver except the
> fact that it is the right way of doing things. Is my thinking off on this?
>
> For some reason, my brain is becoming like a sponge for tomcat
> configuration. So forgive me for asking a ton of questions. I'm reading
> both the tomcat documentation and an O'Reilly book on tomcat, and I want to
> get good enough at this that I can configure it in any environment. I
> really enjoy tomcat and become knowledgeable enough that I don't feel like
> such a newbie asking questions. Any insight or direction would be greatly
> appreciated.
>
> Warm regards,
>
> Josh
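
A static check for a fragment like the one posted above, as an added example that is not part of the original thread or of Tomcat itself. On Tomcat 6, protocol="HTTP/1.1" selects the APR/native connector when the native library is available, and that connector reads SSLCertificateFile/SSLCertificateKeyFile rather than keystoreFile; the check also reports a keystore password stored in clear text. The function name, finding codes and sample values are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

APR_LISTENER = "org.apache.catalina.core.AprLifecycleListener"
JSSE_ATTRS = {"keystoreFile", "keystorePass", "keystoreType", "truststoreFile"}
APR_ATTRS = {"SSLCertificateFile", "SSLCertificateKeyFile"}

# Constructed sample modelled on the posted fragment (placeholder path and password).
SAMPLE = r"""
<Server>
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"
               secure="true" keystoreFile="C:\example\.keystore"
               keystorePass="PLACEHOLDER" clientAuth="false" sslProtocol="TLS"/>
  </Service>
</Server>
"""

def lint_server_xml(xml_text):
    """Return (port, finding_code) tuples for TLS-enabled connectors."""
    root = ET.fromstring(xml_text)
    # The APR listener loads the native library if it is installed.
    apr_listener = any(l.get("className") == APR_LISTENER
                       for l in root.iter("Listener"))
    findings = []
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP or AJP connector, nothing to check
        port = conn.get("port")
        attrs = set(conn.attrib)
        # "HTTP/1.1" (also the default) lets Tomcat pick APR or JSSE at startup.
        auto_select = conn.get("protocol", "HTTP/1.1") == "HTTP/1.1"
        if apr_listener and auto_select and attrs & JSSE_ATTRS and not attrs & APR_ATTRS:
            # JSSE-only attributes would be ignored if APR/native is chosen.
            findings.append((port, "JSSE_ATTRS_ON_POSSIBLE_APR_CONNECTOR"))
        if "keystorePass" in attrs:
            # Clear-text secret: restrict read access to server.xml.
            findings.append((port, "PLAINTEXT_KEYSTORE_PASSWORD"))
    return findings

if __name__ == "__main__":
    for port, code in lint_server_xml(SAMPLE):
        print(f"connector {port}: {code}")
```

Naming an explicit JSSE protocol class such as org.apache.coyote.http11.Http11Protocol on the connector removes the first finding, because the connector no longer auto-selects APR.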