Though we originally started with Apache HTTP in front of Apache Tomcat,
we eventually removed Apache HTTP and set up the Apache Portable Runtime
(APR) (http://apr.apache.org/) to handle the SSL Connector in Tomcat.
The APR Connector is configured exactly like you would mod_ssl. We did
this as we experienced failures when stress testing CAS; Apache HTTP was
closing connections due to Tomcat taking too long to fulfill requests.

<Connector
        port="443"
        protocol="org.apache.coyote.http11.Http11AprProtocol"
        maxThreads="150"
        SSLEnabled="true"
        scheme="https"
        secure="true"
        clientAuth="false"
        sslProtocol="TLS"
        SSLCertificateFile="/path/to/server/crt"
        SSLCertificateKeyFile="/path/to/server/key"
        />

 
Andrew R Feller, Analyst
University Information Systems
200 Fred Frey Building
Louisiana State University
Baton Rouge, LA, 70803
(225) 578-3737 (Office)
(225) 578-6400 (Fax)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Robert Oschwald
Sent: Friday, April 18, 2008 11:44 AM
To: [email protected]
Subject: RE: SSL - CAS - tomcat - mod_auth_cas

Tomcat behind ssl enabled apache httpd or IIS via mod_jk is ok, too.
That's how we use it. Therefore, you don't have to play around with
keystore stuff, just your normal apache httpd config (conf.d/ssl.conf).

Robert

>Is it possible my cas server doesn't know where the keystore is? Also,
>my tomcat is NOT ssl enabled. I'm working under the (false?) assumption
>that it doesn't need to be as long as it is behind apache-ssl/mod_jk.
 

_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
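
A check for the APR-style connector discussed in this thread, as an added example that is not from the original posters: it parses a server.xml and flags PEM path attributes that are missing or carry stray whitespace, and keystore attributes left behind on an APR connector. The sample server.xml is constructed, and treating keystoreFile/keystorePass/keystoreType as belonging only to the JSSE connectors is an assumption based on Tomcat's connector documentation.

```python
import xml.etree.ElementTree as ET

APR_PROTOCOL = "org.apache.coyote.http11.Http11AprProtocol"
# mod_ssl-style attributes the APR connector reads its PEM files from.
PEM_ATTRS = ("SSLCertificateFile", "SSLCertificateKeyFile")
# Assumption: these keystore attributes are only used by the JSSE connectors.
KEYSTORE_ATTRS = {"keystoreFile", "keystorePass", "keystoreType"}


def lint_apr_connectors(server_xml):
    """Return a list of findings for TLS-enabled APR connectors."""
    findings = []
    root = ET.fromstring(server_xml)
    for conn in root.iter("Connector"):
        if conn.get("protocol") != APR_PROTOCOL:
            continue  # AJP, JSSE and other connectors are out of scope
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain-HTTP APR connector, nothing to check
        port = conn.get("port", "?")
        for attr in PEM_ATTRS:
            value = conn.get(attr)
            if value is None:
                findings.append(f"port {port}: {attr} is missing")
            elif value != value.strip():
                # XML parsing keeps the space, so the path would not match the file
                findings.append(f"port {port}: {attr} has stray whitespace: {value!r}")
        for attr in sorted(KEYSTORE_ATTRS & set(conn.attrib)):
            findings.append(f"port {port}: {attr} is a keystore attribute on an APR connector")
    return findings


# Constructed sample input (placeholder paths, not a real deployment).
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="443"
             protocol="org.apache.coyote.http11.Http11AprProtocol"
             SSLEnabled="true" scheme="https" secure="true"
             SSLCertificateFile="/path/to/server/crt "
             SSLCertificateKeyFile="/path/to/server/key"
             keystoreFile="/path/to/keystore"/>
  <Connector port="8009" protocol="AJP/1.3"/>
</Service></Server>"""

if __name__ == "__main__":
    for finding in lint_apr_connectors(SAMPLE):
        print(finding)
```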