I'm having a little trouble understanding what you mean by "SSL certificate terminates on the front server".
I use to front-end Tomcat with Apache HTTP server in the past due to the need for mod_rewrite and mod_ssl, however I have since moved to a standalone Tomcat with APR for SSL. Is there a particular reason you need to front-end Tomcat? If your answer is no, then you might check out using Apache Portable Runtime (APR) to handle SSL, which works just like mod_ssl. http://www.nabble.com/RE%3A--cas-dev--keytool-needed---to17103709.html#a1710 3709 http://tomcat.apache.org/tomcat-6.0-doc/apr.html If your answer is yes, then you will want to look into mod_proxy_ajp (for newer Apache installations) or the older mod_jk. These modules will allow you to forward requests received by Apache HTTP to Tomcat. HTH, A- On 8/13/08 7:21 PM, "Andrew Bruno" <[EMAIL PROTECTED]> wrote: > Does anyone have experience in fronting CAS with F5 or Apache, where > the SSL certificate terminates on the front server? > > I know that when using a self signed certificate you need to import > the certificate into tomcat's JRE cacerts file. > > If using a "real" (verign, etc..) certificate, is the import into the > JRE still required? > > Thanks > Andrew > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas -- Andrew R. Feller, Analyst Information Technology Services 200 Fred Frey Building Louisiana State University Baton Rouge, LA 70803 (225) 578-3737 (Office) (225) 578-6400 (Fax) _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
