Hi all, Information Tomcat 5.5.34 - standard installation but using port 80 (SSL Offload done from Netscaler Router to Application Server) Operating System Windows 2008 R1 SP2 64-bit
Problem Description: When trying to access Tomcat home page from SSL request with SSL offload to Tomcat we get a internet explorer cannot display the page, using URL https://Name.xxx.com.au/ However, when we add an extra forward slash, it works. https://Name.xxx.com.au// Similar for our installed application https://Name.xxx.com.au/application fails, but https://Name.xxx.com.au/application/ works (i.e. trailing slash) This behaviour only seems to occur when doing SSL offload from external address, whereas internally, http://localhost/ or from another internal computer http://servername/ or http://ipaddress/ works fine. i.e. no SSL offload required because its internal traffic. However, if internally, we test the SSL by routing via the Netscaler, using SSL it also does not work as expected. https://dnsname-point-to-netscaler/ fails, but https://dnsname-point-to-netscaler// works. Again, extra trailing slash required. This is very strange, because this is happening with the default installation of Tomcat no changes to any conf files, apart from choosing port 80 on installation. The network traffic would look like this: 1. SSL Request from client (https://name.xxx.com.au/) 2. Routes to Netscaler router as SSL 3. Netscaler does SSL offload (i.e. SSL cert is correctly installed) 4. Traffic routed to Application Server running Tomcat on port 80 5. internet explorer cannot display the page However, if we add the extra slash it works: 1. SSL Request from client (https://name.xxx.com.au//) 2. Routes to Netscaler router as SSL 3. Netscaler does SSL offload (i.e. SSL cert is correctly installed) 4. Traffic routed to Application Server running Tomcat on port 80 5. Success We have also tried playing with vhosts and aliases with no luck. We think this could be some sort of Tomcat behaviour, but have not ruled out something on the Netscaler. As such, would any of you have any insights as to why this strange behaviour might be occurring? Could it be a problem with the Apache implementation of HTTP 1.1? I hope I am mailing to the right place, and apologies if this is not the right place, happy to redirect somewhere else as approprite. Thanks, Andrew. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
