2009/11/25 jkv <j.kumara...@gmail.com>:
> I got one small doubt in the last point that you said.
>
> In this environment, you only want your "public" certificate on httpd.
> Tomcat will not be doing anything that uses it, so don't put a copy
> on those machines.
>
> this means that I will not enable SSL in my tomcat.. I will comment
> <!-- <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
> ....> -->
>
> tag totally from server.xml file in tomcat and have just one connector
> element i.e.,
>
> <Connector port="8009" protocol="AJP/1.3" redirectPort="443" />

Certainly you only need the AJP connector, as Tomcat will never be handling http or https requests.

> Thanks for the reply, that really helped a lot and we can also conclude we
> cannot have a secure horizontal loadbalancing with Apache and Tomcat!

Depends what you mean by "secure", as the level of security is relative, not absolute. There are more moving parts to secure, but it's possible to secure all of them to a reasonable standard. No system is *ever* 100% secure from attack, even if it's 100 metres underground, powered by its own generator, no network, Faraday-shielded, has a division of armed guards protecting its bunker and has self-destruct systems built in. It just depends how much the attacker wants your data, and therefore what resource (s)he is willing to commit to acquiring them.

- Peter
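
Added example, not part of the original message or of Tomcat itself: a small check that a Tomcat server.xml behind httpd exposes only the AJP connector and carries no keystore, as discussed in the thread. The function name audit_connectors, both sample files and the keystore path are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: server.xml that still has the HTTPS connector the
# thread says to comment out, next to the AJP connector.
SAMPLE_BEFORE = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
               keystoreFile="conf/example.jks" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
  </Service>
</Server>"""

# Constructed sample: the same file with the HTTPS connector commented out.
SAMPLE_AFTER = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <!-- <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" /> -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="443" />
  </Service>
</Server>"""


def audit_connectors(server_xml):
    """Return findings for connectors that do not fit an AJP-only Tomcat."""
    findings = []
    ajp_seen = False
    root = ET.fromstring(server_xml)  # commented-out elements are not parsed
    for conn in root.iter("Connector"):
        port = conn.get("port", "?")
        # Tomcat treats a missing protocol attribute as HTTP/1.1.
        protocol = conn.get("protocol", "HTTP/1.1")
        if "ajp" in protocol.lower():  # heuristic: AJP/1.3 or an AJP class name
            ajp_seen = True
        else:
            findings.append(f"port {port}: {protocol} connector is active")
        if conn.get("SSLEnabled", "false").lower() == "true":
            findings.append(f"port {port}: SSLEnabled is true")
        if conn.get("keystoreFile"):
            findings.append(f"port {port}: keystore configured on Tomcat")
    if not ajp_seen:
        findings.append("no AJP connector found")
    return findings


if __name__ == "__main__":
    for name, doc in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(name, audit_connectors(doc) or "AJP only")
```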