Are you going to connect apache and tomcat together with warp connector( or equivilent)? If so you only need to put in the ssl stuff in for apache. For tomcat you will want to remove or comment out the http connector in the server.xml file. This will prevent users from going around apache, and getting to the tomcat resources directly.
"Angel, Ronald J" wrote: > > I'm attempting to configure an Apache (apache-1.3.12-2) server > running on RH6.2 (2.2-16.3) with Tomcat 4.0.1 to use SSL. > > Also using JDK 1.3.1.. > > I read & re-read the 'SSL Config HOW-TO' from Apache's web-site. > > I've also gone over the 'Building a Secure RedHat Apache Server HOW-TO'. > > As per the SSL config doc, I've downloaded & installed the JSSE 1.0.2. > (Basically, just move the 3 jar files to the appropriate directory, > correct?) > Created a certificate keystore file and placed in the home dir of the user > which starts Tomcat. Finally I uncommented the SSL Connector line in > server.xml. > > Currently, I don't even think Tomcat is part of the problem, since, I can't > event get to a test page. > >From IE5 https://myServer/~myuser fails with a 'Page cannot be displayed' > error message. (Cannot find server or DNS Error) > However, http://myServer/~myuser works fine. > > Further, http://myServer:443/~myuser & http://myServer:8443/~myuser fail > with the same message as above. > > Questions: > 1) Some of the docs (incl. server.xml) appear to be using port 8443 > while port 443 seems to be the standard (/etc/services), which > should be used? > > 2) Do both apache & tomcat have SSL provisions built in? The RH > Apache docs refer to installing mod_ssl or apache_ssl in addition > to openssl. I was told that Tomcat 4.0+ has them already. This > confused me. I thought 'Apache' took care of the 'httpd' portion, > while 'Tomcat' supplied the 'java' apps (containers for our > servlets) > > 3) Therefore, even if I'm using Tomcat 4.0, do I still need mod_ssl/ > apache_ssl plus open_ssl? > > 4) Will Apache (httpd) just pass the the HTTPS requests along to > Tomcat? > > 5) Any SSL for Dummies sites out there? > > Finally, > I also have a firewall/proxy issue to deal with here, hopefully that > will be > resolved next week when the server is moved onto our local network. > I'm not sure exactly the firewall is preventing me from doing right now. > Just too many variables to work with... > > Once I get all this working I get to through CORBA into the mix. Can't > wait. > > ThankX all > Ron > > -- > To unsubscribe: <mailto:[EMAIL PROTECTED]> > For additional commands: <mailto:[EMAIL PROTECTED]> > Troubles with the list: <mailto:[EMAIL PROTECTED]> -- Denny Chambers Quantum Corporation, Inc. Network Attached Storage Division Java Linux Engineer Phone: 251-478-5730 Cell: 251-605-3446 IM: [EMAIL PROTECTED] -- To unsubscribe: <mailto:[EMAIL PROTECTED]> For additional commands: <mailto:[EMAIL PROTECTED]> Troubles with the list: <mailto:[EMAIL PROTECTED]>
