Re: SSL and non SSL configuration on tomcat 6.0.26, confused

2010-07-02 Thread Pid
On 01/07/2010 20:11, John-Paul Ranaudo wrote: I wish I could provide more information. At least I have narrowed down the problem. I am having a meeting with the architects of both frameworks today so perhaps I'll get some details. Given some examples of URLs that fail, and bits of

Re: SSL and non SSL configuration on tomcat 6.0.26, confused

2010-07-01 Thread Pid
On 01/07/2010 03:42, John-Paul Ranaudo wrote: I have now realized the root of the problem. The cause of the problem is that the load balancer will sometimes proxy an HTTPS request as an HTTP request so when we send back a redirect we send it back with the wrong scheme (HTTP). So here is my

Re: SSL and non SSL configuration on tomcat 6.0.26, confused

2010-07-01 Thread John-Paul Ranaudo
No we are not. On 7/1/10, Pid p...@pidster.com wrote: On 01/07/2010 03:42, John-Paul Ranaudo wrote: I have now realized the root of the problem. The cause of the problem is that the load balancer will sometimes proxy an HTTPS request as an HTTP request so when we send back a redirect we send

Re: SSL and non SSL configuration on tomcat 6.0.26, confused

2010-07-01 Thread Pid
On 01/07/2010 08:49, John-Paul Ranaudo wrote: No we are not. If the SSL-only resources match a specific path, you can add a security-constraint which doesn't have user roles, but does have a transport-guarantee set to 'CONFIDENTIAL'. The container will automatically upgrade a matching request

Re: SSL and non SSL configuration on tomcat 6.0.26, confused

2010-07-01 Thread John-Paul Ranaudo
That won't work either because like I said before, the application is not really using SSL. The SSL is handled by the load balancers. If we use anything that forces SSL it will fail for the other framework which does not use SSL. On Thu, Jul 1, 2010 at 3:59 AM, Pid p...@pidster.com wrote: On

Re: SSL and non SSL configuration on tomcat 6.0.26, confused

2010-07-01 Thread Pid
On 01/07/2010 14:49, John-Paul Ranaudo wrote: That won't work either because like I said before, the application is not really using SSL. The SSL is handled by the load balancers. Either I'm confused, or you are. In your description of the issue so far, you've said that the application *is*

Re: SSL and non SSL configuration on tomcat 6.0.26, confused

2010-07-01 Thread John-Paul Ranaudo
I am confused no doubt. What you say here is correct: *In your description of the issue so far, you've said that the application *is* using SSL. The load-balancers might be terminating it forwarding unencrypted connections* *I think I understand what you mean by redirecting. Our current

Re: SSL and non SSL configuration on tomcat 6.0.26, confused

2010-07-01 Thread Pid
On 01/07/2010 16:01, John-Paul Ranaudo wrote: I am confused no doubt. What you say here is correct: /In your description of the issue so far, you've said that the application *is* using SSL. The load-balancers might be terminating it forwarding unencrypted connections/ /I think I

Re: SSL and non SSL configuration on tomcat 6.0.26, confused

2010-07-01 Thread John-Paul Ranaudo
I did more tracing and remote debugging and I was mistaken (too many late nights). Each framework is sending us the request via port 80. The problem comes from the fact that one of the frameworks uses HTTPS before the load balancers so when we send back a redirect it is using the wrong scheme. HTTP

Re: SSL and non SSL configuration on tomcat 6.0.26, confused

2010-07-01 Thread Pid
On 01/07/2010 19:38, John-Paul Ranaudo wrote: I did more tracing and remote debugging and I was mistaken (too many late nights). Each framework is sending us the request via port 80. The problem comes from the fact that one of the frameworks uses HTTPS before the load balancers so when we send

Re: SSL and non SSL configuration on tomcat 6.0.26, confused

2010-07-01 Thread John-Paul Ranaudo
I wish I could provide more information. At least I have narrowed down the problem. I am having a meeting with the architects of both frameworks today so perhaps I'll get some details. Thanks. On Thu, Jul 1, 2010 at 2:54 PM, Pid p...@pidster.com wrote: On 01/07/2010 19:38, John-Paul Ranaudo

Re: SSL and non SSL configuration on tomcat 6.0.26, confused

2010-06-30 Thread John-Paul Ranaudo
I have now realized the root of the problem. The cause of the problem is that the load balancer will sometimes proxy an HTTPS request as an HTTP request so when we send back a redirect we send it back with the wrong scheme (HTTP). So here is my current configuration: Connector port=80

Re: SSL and non SSL configuration on tomcat 6.0.26, confused

2010-06-26 Thread John-Paul Ranaudo
Chris, Sorry for the late reply. While I have not been able to try this yet, your explanations are very clear and I understand better what the options on the connector mean now. I will give this a try. Thank you for your reply. Regards, John Ranaudo On Fri, Jun 25, 2010 at 2:22 PM, Christopher

SSL and non SSL configuration on tomcat 6.0.26, confused

2010-06-25 Thread John-Paul Ranaudo
Our environment: Unix Solaris 5.9 Tomcat 6.0.26 JVM 1.6.20 Our application runs in two frameworks. One uses https one does not. I am trying to configure the tomcat connectors to work but when I get it working in one framework it does not work in the other. *I have been told we do not need to

Re: SSL and non SSL configuration on tomcat 6.0.26, confused

2010-06-25 Thread Pid
On 25/06/2010 17:56, John-Paul Ranaudo wrote: Our environment: Unix Solaris 5.9 Tomcat 6.0.26 JVM 1.6.20 Our application runs in two frameworks. One uses https one does not. I am trying to configure the tomcat connectors to work but when I get it working in one framework it does not

Re: SSL and non SSL configuration on tomcat 6.0.26, confused

2010-06-25 Thread John-Paul Ranaudo
Thanks for the reply. Ok, so I am assuming I do not have to setup SSL (certificates etc) since my load balancer is decoding the connection. So even if the load balancer is decoding the connection I still have to have SSLEnabled=true? However if I do, does this not make Tomcat try and decode the

Re: SSL and non SSL configuration on tomcat 6.0.26, confused

2010-06-25 Thread Christopher Schultz
John-Paul, On 6/25/2010 1:40 PM, John-Paul Ranaudo wrote: Ok, so I am assuming I do not have to setup SSL (certificates etc) since my load balancer is decoding the connection. So even if the load balancer is decoding the connection I still have to