On Thu, Apr 4, 2019 at 5:34 PM Zer0Cool <melin3...@gmail.com> wrote: > Upon thinking about it however, end users wouldnt see this info for the key > store, would they? > > As far as I understand it, with Nginx being the reverse proxy and handling > SSL, Lets Encrypt providing a valid Cert (and looking at the cert it uses > its own subject, etc.), JKS is only used for tomcat, which is behind Nginx. > > So as far as I understand it and could be very wrong, wouldnt this keystore > only be used between tomcat and Nginx? >
Yes, you are correct - and, if Nginx is running on the same system as Tomcat, there's really very little point in encrypting the connection between the two processes on the same system. If they're on different systems and you're trying to encrypt the connection between those systems, that makes sense. -Nick
