What we want to do is have round trip, SSL encryption when our clients use our webapps AND not have the port number as part of the URL. There are 3 scenarios:
1) Our client is using IIS to serve their current webapps – some of these apps could be employing SSL. How do we insure that JSP’s and Servlets that are redirected to Tomcat are talking with IIS securely – encrypted? I understand that typical redirection from IIS to tomcat is always decrypted, cleartext. 2) Our client is using IIS to serve their current webapps – none of their apps employ ssl. Can (and should) we setup IIS and Tomcat so that SSL requests go directly to Tomcat (Tomcat talks to client directly when SSL request issued) and standard HTTP requests goto IIS? 3) Our client does NOT want to use IIS – how do you setup tomcat to be a secure webapp server? (this is not as big a problem as numbers 1 and 2) --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]