Didier McGillis wrote:
Actually I believe its the opposite. Apache serves the certificate the
communication between Tomcat and Apache shouldnt be public anyway.
Apache makes the SSL handshake and passes any client certificate to
Tomcat. Any servlet sees that like it came directly from Tomcat.
Communication between apache and tomcat is not encrypted,
so if you are concerned about the security, put the apache on the
box with two NIC cards, and use the second for the
apache-tomcat communication.
AJP14 protocol will have encryption embedded, so until then :).
Mladen.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
