Since apparently this capability is not available, yet, nor a high priority, might I suggest ssh tunneling. We use it here to tunnel MySQL replication through a set of firewalls:
ssh -2 -N -T -q -L <localport>:<remote-host>:<remote-port> <remote-host>

Using PKE means that I can run that tunnel as a particular pseudo-user with its own set of keys. I use a daemon to make sure that if the tunnel dies, it comes back. As I said, this technique supports the real-time replication that we've been running for more than two years.

I see no reason why I couldn't run an SSH tunnel over which to transparently run Connector protocols, which makes more sense to me than bolting SSL onto them. SSH tunnels not only protect the data, they authenticate the user. If I were Company B, I would not want just anyone connecting to my Tomcat via a Connector!

--- Noel

-----Original Message-----
From: news [mailto:[EMAIL PROTECTED]]On Behalf Of Bill Barker
Sent: Saturday, December 14, 2002 2:19
To: [EMAIL PROTECTED]
Subject: Re: SSL Connection Tomcat and Apache

While there seems to be a demand for SSL from Apache->Tomcat, the fact is that it is not currently implemented. Both the Warp & Ajp13 protocols send the messages un-encrypted and easily enough decipherable to a sniffer. They are designed around the assumption that your Tomcat Server is in the same DMZ as your Apache/httpd server.

Of course, patches are always welcome, if anyone wants to add SSL support to either Warp or Ajp13 ;-).

"Turner, John" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...

With the increase in web services, and different companies working as partners, it's very conceivable (in my mind) that there would be a situation where the initial web request was handled by apache owned by Company A, and for one reason or another, needed to connect to tomcat owned by Company B across the public internet to fulfill the request. Rather than incorporate some sort of separate VPN scenario with software or hardware (or both) it would be nice to be able to create an encrypted tunnel from one server to the other (apache<->tomcat) on the fly.
I'm definitely interested in hearing from people who have this working, and how they did it. I intend to try setting it up myself as soon as I have the time.

John Turner
[EMAIL PROTECTED]
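
The tunnel-plus-restart-daemon arrangement described in the first message, written out as an added example; it is not code from the thread or from any of the posters. The account name, host name, key path, port 8009, the SSH_BIN, MAX_RUNS, MAX_DELAY and HEALTHY_SECS knobs, and a Tomcat connector listening on the remote host's loopback interface are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example: supervised SSH local forward for AJP (Apache -> Tomcat).
# Assumed placeholders, not from the thread: account, host, ports, key path.
TUNNEL_USER="${TUNNEL_USER:-ajptunnel}"
TUNNEL_HOST="${TUNNEL_HOST:-tomcat.example.com}"
LOCAL_PORT="${LOCAL_PORT:-8009}"
REMOTE_PORT="${REMOTE_PORT:-8009}"
KEY_FILE="${KEY_FILE:-/home/ajptunnel/.ssh/id_tunnel}"

# On the Tomcat host, confine the pseudo-user's key to this one forward in
# ~ajptunnel/.ssh/authorized_keys (key material elided):
#   restrict,port-forwarding,permitopen="127.0.0.1:8009" ssh-ed25519 AAAA...

# Start one tunnel in the foreground. The listener binds to loopback only, so
# other hosts cannot reach the forwarded connector port on the Apache machine.
run_tunnel() {
    "${SSH_BIN:-ssh}" -N -T -q -i "$KEY_FILE" \
        -o BatchMode=yes \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=15 -o ServerAliveCountMax=3 \
        -L "127.0.0.1:${LOCAL_PORT}:127.0.0.1:${REMOTE_PORT}" \
        "${TUNNEL_USER}@${TUNNEL_HOST}"
}

# Re-run "$@" whenever it exits, with capped exponential backoff.
# MAX_RUNS=0 (default) loops forever; otherwise return 1 after MAX_RUNS launches.
supervise() {
    delay=1 runs=0 max_delay="${MAX_DELAY:-60}"
    while :; do
        started=$(date +%s) rc=0
        "$@" || rc=$?
        runs=$((runs + 1))
        # A session that stayed up for a while was healthy: reset the backoff.
        if [ $(( $(date +%s) - started )) -ge "${HEALTHY_SECS:-60}" ]; then delay=1; fi
        if [ "${MAX_RUNS:-0}" -gt 0 ] && [ "$runs" -ge "$MAX_RUNS" ]; then return 1; fi
        echo "tunnel exited rc=$rc; relaunch #$runs in ${delay}s" >&2
        sleep "$delay"
        delay=$((delay * 2))
        if [ "$delay" -gt "$max_delay" ]; then delay=$max_delay; fi
    done
}

# Invoke as: tunnel-supervisor.sh run
if [ "${1:-}" = "run" ]; then supervise run_tunnel; fi
```

ExitOnForwardFailure and the ServerAlive options make ssh exit when the forward cannot be set up or the link goes silent, which is what lets the loop notice a dead tunnel and relaunch it.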