Vincenzo, Yes. That's exactly what I want to do. What did you use for ssl on Tomcat? Also, can I use my existing ssl certificate on an IP address, not a domain name?
-----Original Message----- From: Vincenzo Gianferrari Pini [mailto:[EMAIL PROTECTED] Sent: Thursday, June 19, 2003 12:51 PM To: James Users List Subject: RE: SMTP Even better; I have a tomcat as a web server and J2EE web container, using an ssl connector, with a servlet/jsp application that talks to a James instance in the same machine, that accepts only smtp requests from that same machine if outbound. If I understood correctly all your postings this is exactly what you are looking for. It works fine and secure. Vincenzo > -----Original Message----- > From: David Schwartz [mailto:[EMAIL PROTECTED] > Sent: giovedi 19 giugno 2003 18.40 > To: James Users List > Subject: RE: SMTP > > > Thanks Noel > > >>If the connector between the web server and tomcat is secure... > > Are you referring to the apache connector for tomcat? > > What if I'm using tomcat as the web server, without Apache? > > -----Original Message----- > From: Noel J. Bergman [mailto:[EMAIL PROTECTED] > Sent: Wednesday, June 18, 2003 3:55 PM > To: James Users List > Subject: RE: SMTP > > > > Only problem is that I wasn't planning on putting Tomcat on the > > server > > > with the ssl certificate - yet. I wanted to have java/james/tomcat > > on > > > a server & web server with ssl on dif machine. > > If the connector between the web server and tomcat is secure, then you > are fine. Otherwise, an intruder could attempt connecting to tomcat > directly on the second machine. Also, if you have the password > conveyed over the connector, it is possible that it could be sniffed. > The issue, at this point, is just a webapp security topic. > > Please note > (http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html): > > "When running Tomcat primarily as a Servlet/JSP container behind > another web server, such as Apache or Microsoft IIS, it is usually > necessary to configure the primary web server to handle the SSL > connections from users. Typically, this server will negotiate all > SSL-related functionality, then pass on any requests destined for the > Tomcat container only after decrypting those requests. Likewise, > Tomcat will return cleartext responses, that will be encrypted before > being returned to the user's browser. In this environment, Tomcat > knows that communications between the primary web server and the > client are taking place over a secure connection (because your > application needs to be able to ask about this), but it does not > participate in the encryption or decryption itself." > > --- Noel > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
