I had a follow up question to the thread on SSL transactions. Does the SSL cert absolutely need to be installed in the servlet container? My ISP is telling me they will only install certs within the apache web server and not Resin/Tomcat. Is there away to proxy SSL requests between apache web server and my struts app? Thanks for the help, Jeff
Tim Coy <[EMAIL PROTECTED]> wrote: Ahh, I see So what I think you are saying is that I should force the Credit Card transaction form to https even if it is submitted from a http page. That makes sense. -- Tim Coy Timco Electronics Pty Ltd [EMAIL PROTECTED] > The ideal mode of operation for SSLEXT is that the user does not get > flopped, but rather gets linked or form-submitted to the correct scheme > (http/https) in the first place. > > For instance, if you use the SSLEXT link tag, the current page was > accessed via HTTP, and the link is to a page that should be secure, the > SSLEXT link tag will render an absolute URL starting with https://. No > flop (via redirect) is required. The SSLEXT form tag works similarly. > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
