I guess that you should replace the "JkMount /* tomcatssl" with
"JkMount /* tomcat1", provided you use a "standard" Tomcat setup.

For a parallel SSL + non-SSL setup using Apache2 you basically need 2
virtual hosts in Apache2: one for port 443 with the
standard SSL parameters Apache2 expects to integrate OpenSSL for https,
and another for port 80 / plain http. The Jk directives are the same for
both virtual hosts, don't care about SSL, and go to Tomcat's port 8009
(= using standard configuration).
8443 is typically the http-over-ssl-port (=http) for direct SSL access via
the coyote connector and has nothing to do with ajp.

If your Apache2 is doing the SSL integration, Tomcat "sees" no
SSL traffic, because Apache2 lets OpenSSL do the conversion from SSL and
connects to Tomcat without any SSL traffic, just simple http.

You can give Tomcat some information about the SSL-session like you did
with

>  JkExtractSSL On
>  JkHTTPSIndicator HTTPS
>  JkSESSIONIndicator SSL_SESSION_ID
>  JkCIPHERIndicator SSL_CIPHER
>  JkCERTSIndicator SSL_CLIENT_CERT

but then you have to tell Apache2 to deliver this
information with a
 "SSLOptions +StdEnvVars +ExportCertData"

(http://tomcat.apache.org/tomcat-3.2-doc/tomcat-ssl-howto.html might
give you an idea about the two possibilities to setup Tomcat + SSL)


On some of our servers we're still running Apache 2.0 + mod_jk + Tomcat
6 on Solaris - nearly the same setup as under Linux.
These servers run SSL and non-SSL in parallel, but without the extra
Jk SSL indicator parameters you are using.


Regards,
 Tobias.
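
The setup described in the message above, sketched as an added example that is not part of the original post or of the poster's configuration. The host name, file paths and the assumption that Tomcat runs on the same machine are placeholders; the worker name `tomcat1`, port 8009 and the Jk/SSL directives are the ones quoted in the message.

```apache
# Added example. Assumes mod_ssl is already loaded and that Tomcat's AJP
# connector listens on the same host (assumption: 127.0.0.1:8009).
# The workers file referenced below would contain (constructed sample):
#   worker.list=tomcat1
#   worker.tomcat1.type=ajp13
#   worker.tomcat1.host=127.0.0.1
#   worker.tomcat1.port=8009
# The Apache -> Tomcat hop over AJP is not encrypted, so keep that port
# reachable only from the Apache host or a trusted network segment.

LoadModule jk_module modules/mod_jk.so
JkWorkersFile conf/workers.properties
JkLogFile     logs/mod_jk.log
JkLogLevel    info

# Omit these if your distribution's httpd.conf / ssl.conf already has them.
Listen 80
Listen 443

# Plain http: same JkMount, no SSL involved.
<VirtualHost *:80>
    ServerName www.example.com
    JkMount /* tomcat1
</VirtualHost>

# https: Apache terminates SSL, then forwards over AJP to the same worker.
<VirtualHost *:443>
    ServerName www.example.com

    SSLEngine on
    SSLCertificateFile    conf/ssl/server.crt
    SSLCertificateKeyFile conf/ssl/server.key

    # Needed so mod_ssl exports the variables the Jk indicators read.
    SSLOptions +StdEnvVars +ExportCertData

    # Optional: pass SSL session details on to Tomcat.
    JkExtractSSL On
    JkHTTPSIndicator HTTPS
    JkSESSIONIndicator SSL_SESSION_ID
    JkCIPHERIndicator SSL_CIPHER
    JkCERTSIndicator SSL_CLIENT_CERT

    JkMount /* tomcat1
</VirtualHost>
```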
