Unless, of course, the cert is self-signed with keytool.
I would remove all the certs from the classpath and start with a 'True Certificate' 
signed by Verisign or Thawte.

M-
----- Original Message ----- 
From: "dfelicia" <[EMAIL PROTECTED]>
To: <users@tomcat.apache.org>
Sent: Thursday, December 07, 2006 2:46 PM
Subject: Is this possibe? mod_jk <==SSL==> AJP/1.3


> 
> Can traffic between mod_jk and Tomcat's AJP connector be encrypted (without
> using ssh/stunnel)?
> 
> I see SSL mentioned in the doc for AJP, but it's clear as mud: 
> http://tomcat.apache.org/tomcat-5.5-doc/config/ajp.html
> 
> So, in Apache, I am using SSL and mod_jk.  I set these parameters per the
> mod_jk doc:
> 
> # JkOptions indicate to send SSL KEY SIZE,
> JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
> JkExtractSSL On
> # What is the indicator for SSL (default is HTTPS)
> JkHTTPSIndicator HTTPS
> # What is the indicator for SSL session (default is SSL_SESSION_ID)
> JkSESSIONIndicator SSL_SESSION_ID
> # What is the indicator for client SSL cipher suit (default is SSL_CIPHER)
> JkCIPHERIndicator SSL_CIPHER
> # What is the indicator for the client SSL certificated (default is SSL_CLIENT_CERT)
> JkCERTSIndicator SSL_CLIENT_CERT
> 
> In Tomcat's server.xml, I have defined an AJP/1.3 connector like so:
> 
> <Connector port="8202" protocol="AJP/1.3" URIEncoding="UTF-8"
>               scheme="https" secure="true" clientAuth="false">
> 
> (mod_jk worker uses this connection)
> 
> It works whether I set scheme and secure or not.  Is the communication
> encrypted?  (If so, I'd wonder how since Tomcat knows nothing of my CA's
> public key or my keystore.)
> 
> What am I missing?
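On the question of whether the mod_jk to Tomcat hop is encrypted: the following Python is an added example, not part of the thread and not mod_jk or Tomcat code. It builds a constructed AJP/1.3 forward request using the field layout from Tomcat's AJP protocol reference and reads the TLS details back out of the raw bytes, showing that `is_ssl` and the `ssl_*` values gathered by `JkExtractSSL` and `+ForwardKeySize` are ordinary fields of a cleartext message that describe the browser-to-Apache connection. Function names and all sample values are assumptions made for the illustration.

```python
import struct

# Optional-attribute codes of an AJP/1.3 forward request that carry TLS details.
TLS_ATTRS = {0x07: "ssl_cert", 0x08: "ssl_cipher", 0x09: "ssl_session", 0x0B: "ssl_key_size"}

def ajp_str(s):
    """Encode an AJP string: 2-byte big-endian length, bytes, trailing NUL."""
    return struct.pack(">H", len(s)) + s.encode("latin-1") + b"\x00"

def build_sample(is_ssl, attrs):
    """Constructed forward request (GET, no headers); every value is made up."""
    body = b"\x02\x02"  # prefix code JK_AJP13_FORWARD_REQUEST, method GET
    for s in ("HTTP/1.1", "/app/", "203.0.113.5", "client.example", "www.example"):
        body += ajp_str(s)  # protocol, req_uri, remote_addr, remote_host, server_name
    body += struct.pack(">HBH", 443, is_ssl, 0)  # server_port, is_ssl, num_headers
    for code, v in attrs.items():  # ssl_key_size (0x0B) is an integer, the rest strings
        body += bytes([code]) + (struct.pack(">H", v) if code == 0x0B else ajp_str(v))
    return b"\x12\x34" + struct.pack(">H", len(body) + 1) + body + b"\xff"

def parse_forward_request(pkt):
    """Return is_ssl and the attributes readable from the raw bytes of one packet."""
    if pkt[:2] != b"\x12\x34" or pkt[4] != 0x02:
        raise ValueError("not an AJP/1.3 forward request")
    pos = 6  # past magic, length, prefix code and method
    def read_str():
        nonlocal pos
        (n,) = struct.unpack_from(">H", pkt, pos)
        pos += n + 3  # length field, n bytes, NUL terminator
        return pkt[pos - n - 1:pos - 1].decode("latin-1")
    for _ in range(5):  # protocol, req_uri, remote_addr, remote_host, server_name
        read_str()
    _port, is_ssl, num_headers = struct.unpack_from(">HBH", pkt, pos)
    pos += 5
    for _ in range(num_headers):
        if pkt[pos] == 0xA0:  # common header names are sent as a 2-byte code
            pos += 2
        else:
            read_str()
        read_str()  # header value
    seen = {"is_ssl": bool(is_ssl)}
    while pkt[pos] != 0xFF:  # 0xFF terminates the request
        code, pos = pkt[pos], pos + 1
        if code == 0x0B:
            value, pos = struct.unpack_from(">H", pkt, pos)[0], pos + 2
        else:
            _name = read_str() if code == 0x0A else None  # req_attribute: name first
            value = read_str()
        seen[TLS_ATTRS.get(code, hex(code))] = value
    return seen
```

Nothing in the parser needs a key or a keystore, which is consistent with the connector accepting requests whether or not `scheme` and `secure` are set.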