I believe you have to make Tomcat to listen to port 443 instead of 8443 for SSL then allow Apache to listen to port 443.
Hope this help. Cheers, Michael -----Original Message----- From: Gustavo Vegas [mailto:[EMAIL PROTECTED]] Sent: Wednesday, October 02, 2002 11:56 AM To: [EMAIL PROTECTED] Subject: SSL and mod_jk Problems on Tomcat 4.0.5 + Apache 1.3.26 (on Linux RH 7.3) Hello everyone, Here is my problem; I am trying to make SSL requests to Tomcat through mod_jk, but they do not appear to work. I am even able to see properly through plain HTTP those pages I want served by Tomcat through SSL. When I use the https://hosts/directory/page.jsp, I get the source code of the file. If I try using the 8443 port, it displays properly. I am also using j2sdk version 1.4.1. Here is the definition of the virtual host under Apache: ---------------------------------------------------------------------------- ------------------- <IfModule !mod_jk.c> LoadModule jk_module libexec/mod_jk.so </IfModule> JkWorkersFile "/usr/local/apache/conf/workers.properties" JkLogFile "/web/logs/mod_jk.log" JkLogLevel debug NameVirtualHost * <IfDefine SSL> # Should mod_jk send SSL information to Tomcat (default is On) JkExtractSSL On # What is the indicator for SSL (default is HTTPS) JkHTTPSIndicator HTTPS # What is the indicator for SSL session (default is SSL_SESSION_ID) JkSESSIONIndicator SSL_SESSION_ID # What is the indicator for client SSL cipher suit (default is SSL_CIPHER) JkCIPHERIndicator SSL_CIPHER # What is the indicator for the client SSL certificated (default is SSL_CLIENT_C ERT) JkCERTSIndicator SSL_CLIENT_CERT # Other needed settings SSLOptions +StdEnvVars +ExportCertData ############################################################### # (BEGIN) Definition of SSL host.company.com virtual host # # NOTE: SSL Connections are only supported on IP-based virtual# # hosts # ############################################################### <VirtualHost 192.168.25.100:443> ServerName host.company.com ServerAdmin [EMAIL PROTECTED] DocumentRoot /web/htdocs/host.company.com ScriptAlias /cgi-bin/ /web/htdocs/host.company.com/www/cgi-bin/ DirectoryIndex index.html index.htm index.shtml index.shtm index.jsp Alias /reports/ /web/htdocs/host.company.com/reports JkAutoAlias /export/home/host.company.com SSLEngine On SSLCertificateFile /usr/local/XXX/certs/host.company.com.cert SSLCertificateKeyFile /usr/local/XXX/keys/host.company.com.com.key SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL Alias /pfctestssl "/web/htdocs/host.company.com/ssl" JkMount /pfctestssl/*.jsp ajp13 JkMount /pfctestssl/* ajp13 JkMount /pfctestssl/*.do ajp13 JkMount /pfctestssl/manager ajp13 JkMount /pfctestssl/manager/* ajp13 JkMount /pfctestssl/*/*.jsp ajp13 JkMount /pfctestssl/*/* ajp13 JkMount /pfctestssl/*/*.do ajp13 JkMount /pfctestssl/*/manager ajp13 JkMount /pfctestssl/*/manager/* ajp13 <Location "/pfctestssl/WEB-INF/"> </Location> <Location "/pfctestssl/WEB-INF/"> AllowOverride None Deny from all </Location> ErrorLog /web/logs/host.company.com/ssl_error_log CustomLog /web/logs/host.company.com/ssl_access_log combined TransferLog /web/logs/host.company.com/ssl_transfer_log </VirtualHost> ############################################################### # (END) Definition of SSL host.company.com virtual host # # ############################################################## </IfDefine> ---------------------------------------------------------------------------- ------------------- I believe this to be a problem with jk_mod not understanding what to do with the requests for these pages. I even tried to tell it to pass such requests by adding wildcards for the subdirectories under the ssl directory, but it did not work. Any help on this issue would be highly appreciated. BTW, all other configuration bits seem to work. This was actually working prior to us getting Tomcat talking to a database server, but this would be extremely weird if it prevents mod_jk from talking SSL. That is why I am not including any other configuration files here. If need be, I will post any additional information that people may want to take a look at. Thanks, -- Gustavo Vegas. -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>