Yes. Bill's original statement is accurate if we reference http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html

Option 1 (Tomcat container running behind another SSL-enabled web server):

"When running Tomcat primarily as a Servlet/JSP container behind another web server, such as Apache or Microsoft IIS, it is usually necessary to configure the primary web server to handle the SSL connections from users. Typically, this server will negotiate all SSL-related functionality, then pass on any requests destined for the Tomcat container only after decrypting those requests. Likewise, Tomcat will return cleartext responses, that will be encrypted before being returned to the user's browser. In this environment, Tomcat knows that communications between the primary web server and the client are taking place over a secure connection (because your application needs to be able to ask about this), but it does not participate in the encryption or decryption itself"

Option 2 (certificates): please reference this link from the certificate provider Verisign http://www.verisign.com/ssl/ssl-information-center/how-ssl-security-works/index.html where the certificate supplies a public key to decrypt information and also supplies a private key used to decipher the key.

To quote: "An SSL Certificate consists of a public key and a private key. The public key is used to encrypt information and the private key is used to decipher it"

Tomcat container(s) are not doing the encrypting or decrypting in either scenario.

HTH,
M-

----- Original Message -----
From: "dfelicia" <[EMAIL PROTECTED]>
To: <users@tomcat.apache.org>
Sent: Friday, December 08, 2006 11:07 PM
Subject: Re: Is this possibe? mod_jk <==SSL==> AJP/1.3

> >>Tomcat currently does not support encryption.
> Huh? Sure it does. I think you mean AJP doesn't support encryption.
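
Added example, not part of the original messages or of Tomcat itself: because the thread's point is that the mod_jk to Tomcat AJP/1.3 hop is not encrypted, this Python check lists the AJP connectors in a `server.xml` that listen beyond loopback. The sample XML is constructed, and treating a Connector with no `address` attribute as listening on all interfaces is an assumption that depends on the Tomcat version.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample server.xml (not taken from the thread).
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <Connector port="8010" protocol="AJP/1.3" address="127.0.0.1" />
    <Connector port="8011" protocol="AJP/1.3" address="10.0.0.5" />
  </Service>
</Server>
"""


def is_loopback(address):
    """True only for a literal loopback IP or the name 'localhost'."""
    if address.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False  # other hostnames: treat as reachable from the network


def exposed_ajp_connectors(server_xml):
    """Return (port, address) for each AJP connector not bound to loopback.

    Assumption: a Connector without an address attribute listens on all
    interfaces; it is reported with the address '*'.
    """
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        # Matches both "AJP/1.3" and class names such as ...ajp.AjpProtocol
        if "ajp" not in conn.get("protocol", "").lower():
            continue
        address = conn.get("address")
        if address is None or not is_loopback(address):
            findings.append((conn.get("port"), address or "*"))
    return findings


if __name__ == "__main__":
    for port, address in exposed_ajp_connectors(SAMPLE_SERVER_XML):
        print(f"AJP connector {address}:{port} accepts unencrypted AJP from other hosts")
```

A connector flagged here is a candidate for binding to loopback or for carrying its traffic over an encrypted tunnel between the front-end web server and Tomcat.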