Update: So after re-re-reading the docs, since TC is not my standalone webserver, I should configure Apache (httpd) for SSL. That seems to be what I am reading.
On Tue, Aug 4, 2009 at 3:43 PM, Josh Gooding <josh.good...@gmail.com> wrote: > wait a sec here. I'm a little confused. Let me ask it this way. I have a > Login.jsp file that takes uname / pwd and uses j_security_check for > authentication. That is the only thing that I want HTTPS on. Everything > else is not important. > > I have setup Apache (httpd) and am forwarding the 1 html file in the server > via it and the rest is built on JSP so tomcat is serving them. So which > server do I configure for HTTPS? My thoughts would be the tomcat since it > is the one serving JSP, or course, I'm still really learning about SSL & how > to make it play with Tomcat so I don't want to say I'm clueless, but I'm > having a hard time here. I have the docs and an OReilly book here, but > there seem to be many options on how to configure SSL. The SSL Cert that we > have came with the server package we bought. It is signed by Geo-Trust(?), > so naturally we want to use that one instead of generating our own. > > Any thoughts? Again I am sorry if it seems I'm being thick skulled, i'm > just rather more new with SSL than anything. > > Thanks agan > > - Josh > > > On Wed, Jul 29, 2009 at 4:24 AM, Wesley Acheson > <wesley.ache...@gmail.com>wrote: > >> I thought that you only had to set up on apache (httpd server). Thats the >> way I got it working. >> >> see >> >> http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html#SSL%20and%20Tomcatrelevenat >> excet below >> *SSL and Tomcat* >> >> *It is important to note that configuring Tomcat to take advantage of >> secure >> sockets is usually only necessary when running it as a stand-alone web >> server.* When running Tomcat primarily as a Servlet/JSP container behind >> another web server, such as Apache or Microsoft IIS, it is usually >> necessary >> to configure the primary web server to handle the SSL connections from >> users. Typically, this server will negotiate all SSL-related >> functionality, >> then pass on any requests destined for the Tomcat container only after >> decrypting those requests. Likewise, Tomcat will return cleartext >> responses, >> that will be encrypted before being returned to the user's browser. In >> this >> environment, Tomcat knows that communications between the primary web >> server >> and the client are taking place over a secure connection (because your >> application needs to be able to ask about this), but it does not >> participate >> in the encryption or decryption itself. >> >> >> >> >> On Mon, Jul 27, 2009 at 6:18 PM, Serge Fonville <serge.fonvi...@gmail.com >> >wrote: >> >> > > Just an update. I decided to change up what I was doing. Instead of >> > > starting with SSL on tomcat, I ported Apache and Tomcat to work >> together >> > on >> > > my local test server. Now I am going to do the APR. Do I need to >> > configure >> > > SSL on both Apache and Tomcat or just Tomcat? >> > >> > If all connections go via httpd. just httpd. otherwise both >> > >> > --------------------------------------------------------------------- >> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> > For additional commands, e-mail: users-h...@tomcat.apache.org >> > >> > >> > >
