As far as I know, based on a discussion last week on this topic,
communications between apache and tomcat via AJP13 are unencrypted whether
you have tomcat enabled for SSL or not.

You are correct that mod_ssl is used for SSL on apache.  That is all you
need to encrypt a session between a browser and a webserver.  The connector
(which uses the AJP13 protocol) does not use SSL.  The request is decrypted
by apache, then sent over the connector to tomcat.  Tomcat processes the
request, and sends the result back over the connector to apache.  Apache
encrypts the response, and sends it back to the browser.

So, to set up SSL on apache, use mod_ssl (http://www.modssl.org).  Using
mod_ssl will have no effect on the connection between apache and tomcat
using the AJP13 connector.

John Turner
[EMAIL PROTECTED]

> -----Original Message-----
> From: Peter Choe [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, August 27, 2002 2:06 PM
> To: Tomcat Users List
> Subject: RE: one last plea for help
> 
> 
> what do you mean?  i want to use mod_ssl on apache to encrypt connection
> between the server and the browser.  i have read that you need ajp13
> connector to use ssl.
> 
> Peter Choe
> 
> At 01:44 PM 8/27/2002, you wrote:
> 
> >The connection between apache and tomcat is not encrypted.  There's more
> >detail on this in the archives, there was a discussion on it last week.
> >
> >John Turner
> >[EMAIL PROTECTED]
> >
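
Added example, not part of the original thread or of the Tomcat project: because the AJP13 hop carries the request after apache has decrypted it, a useful check is where tomcat's AJP connectors listen. This sketch classifies each AJP connector in a constructed server.xml by bind address; the sample file, function names and status labels are assumptions made for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample server.xml (not taken from the thread).
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <Connector port="8009" protocol="AJP/1.3" />
    <Connector port="8010" protocol="AJP/1.3" address="127.0.0.1" />
    <Connector port="8011" protocol="AJP/1.3" address="10.0.0.5" />
    <Connector className="org.apache.ajp.tomcat4.Ajp13Connector"
               port="8012" address="localhost" />
  </Service>
</Server>"""


def is_ajp(conn):
    """Heuristic: newer configs set protocol="AJP/1.3", Tomcat 4 names a class."""
    values = (conn.get("protocol", ""), conn.get("className", ""),
              conn.get("protocolHandlerClassName", ""))
    return any("ajp" in v.lower() or "jkcoyote" in v.lower() for v in values)


def audit_ajp(server_xml):
    """Return (port, address, status) for every AJP connector found.

    status is "loopback" (cleartext stays on the host), "network"
    (cleartext AJP crosses a network interface) or "no-address"
    (no bind address configured; older Tomcat releases then listen
    on all interfaces, so treat it like "network" until verified).
    """
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if not is_ajp(conn):
            continue
        addr = conn.get("address")
        if addr is None:
            status = "no-address"
        else:
            try:
                loopback = ipaddress.ip_address(addr).is_loopback
            except ValueError:          # a hostname, not an IP literal
                loopback = addr.lower() == "localhost"
            status = "loopback" if loopback else "network"
        findings.append((conn.get("port", "?"), addr, status))
    return findings


if __name__ == "__main__":
    for port, addr, status in audit_ajp(SAMPLE_SERVER_XML):
        print(f"AJP connector port={port} address={addr}: {status}")
```

Connectors reported as "network" or "no-address" are the ones where the decrypted request described above travels over a link that mod_ssl does not protect.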
