On Mon, 7 May 2001, Sridharan Kuppa wrote:
> Hi,
> I have Netscape Enterprise Server3.5.1 and Tomcat. I have
> configure Netscape Enterprise Server3.5.1 to handle tomcat for
> Servlet and Jsp. It is working fine. Now, i would like to install
> ssl. Where do i to install ssl whether in Netscape Server or Tomcat
> Servlet Engine. I think i need to install into tomcat because
> webserver just forwarding its request to tomcat without doing any
> validation. Could you any one tell me whether it is correct or
> wrong?
You are wrong :-).
Generally, when you are using a servlet container that sits behind the
web server, the ssl stuff is taken care of by the web server, and is
totally transparent to the servlet container. That is, the web server
takes care of all the ssl negotiations, and decrypting/encrypting the
request/response before/after the servlet container sees it
(respectively :-).
I was using NES some time back. It's already got ssl capability
built-in, you just need to enable it. I don't remember the directives
to put in the conf file to do it, but you can do it very easily via
the web admin interface.
NES's model for setting up ssl is different from Apache's though --
when you enable ssl, you do it for the entire server "instance". You
may want to have separate secure (https) and non-secure (http) server
instances. This means that you may need to change some things about
how you have the servlet/jsp stuff configured to work with the server.
Milt Epstein
Research Programmer
Software/Systems Development Group
Computing and Communications Services Office (CCSO)
University of Illinois at Urbana-Champaign (UIUC)
[EMAIL PROTECTED]
