> From: Leo Donahue - PLANDEVX [mailto:leodona...@mail.maricopa.gov] > Subject: Question about SSL > > I need to implement SSL for Tomcat 6.0.24 on Windows 2003 Server R2 SP2 > that is already running IIS 6.0. Should I implement SSL using IIS or > Tomcat?
Probably IIS, but I'm not very familiar with it. Some browsers (guess who?) get confused will SSL over a non-standard port, and IIS has probably already grabbed 443. > When I enable SSL, this means that it is enabled for every webapp > running under that Tomcat? Enabled, but not forced; HTTPS normally uses port 443, regular HTTP port 80. If the client chooses to send the request to 443, it must use SSL. > The user can choose the protocol for the > URL even if it is not required? Yes. > "...It is not strictly necessary to run an entire web application over > SSL, and indeed a developer can pick and choose which pages require a > secure connection and which do not." > Where do I configure this? Read section 12 of the servlet spec. You need to configure a <transport-guarantee> of CONFIDENTIAL for the desired URL pattern(s). This will cause requests over non-secure connections to be redirected to the secure port. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
