On 25/06/2010 17:56, John-Paul Ranaudo wrote: > Our environment: > > Unix Solaris 5.9 > Tomcat 6.0.26 > JVM 1.6.20 > > Our application runs in two frameworks. One uses https one does not. I am > trying to configure the tomcat connectors to work but when I get it working > in one framework it does not work in the other. > > *I have been told we do not need to 'handle' SSL totally as this is handled > by our load balancers. Not sure what these means*.
That usually means that the load-balancer is decoding the SSL connection and passing an unencrypted connection through to the servers in the cluster, which then don't need to repeat the effort. > For example: In one framework we'll get permission denied errors and the > other will work. If we change things around the opposite occurs but instead > of permission errors we get invalid certificate error. > > The tomcat documentation on connectors does not describe the options very > well. This link, or another one? http://tomcat.apache.org/tomcat-6.0-doc/config/http.html#SSL Support > <Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000"/> > > <Connector port="443" protocol="HTTP/1.1" SSLEnabled="false" > maxThreads="150" scheme="https" secure="false" clientAuth="false" > sslProtocol="TLS"/> Looks like a few odd things going on there. SSLEnabled=false secure=false You'll need to set at least one of those to true. If the connector on 443 is supposed to be decoding SSL connections there's a lot more config you'll need too. See the link above. > The above connectors work with the http framework but gives me the "mixed > content warning" in IE because some requests are http and some https. That's nothing to do with the Connectors per se. If your web app is mixing references to secure and insecure pages, you'll get that warning. You need to fix your app so it does the right thing. p > It's obvious I have not worked with SSL very much. Any help would be greatly > appreciated. > > Regards, > > John Ranaudo >
signature.asc
Description: OpenPGP digital signature
