On 01/08/2014 17:06, John Smith wrote: > On Fri, Aug 1, 2014 at 11:54 AM, Mark Thomas <ma...@apache.org> wrote: > >> On 01/08/2014 16:30, Daniel Mikusa wrote: >>> You probably want the SSL certificate installed on your hardware load >>> balancer. End client's browsers are going to connect to the hardware >> load >>> balancer, not Tomcat. Thus you'd want the certificate there so your end >>> users can benefit from it. >> >> That depends on whether the load-balancer is operating at layer 4 or >> layer 7. >> >> Mark >> >> > Mark, I have to check which layer it's operating at, but does that mean > that, depending on the layer, the cert should *not* be on the LB?
TLS is layer 5 so if the LB is operating at layer 4 it can't host the cert. Some LBs can operate at layer 5 so it will depend on your LB and/or its configuration. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org