Jeff, It is common to have SSL between the browser and apache (httpd), and no SSL between apache (httpd) and Tomcat. So you don't need to install a cert on your tomcat.
Depending on how you are proxying requests from your httpd server to tomcat (or if you also have load balancers and other components in front), you can have trouble with redirects. For instance, if the world knows your app as http://www.company.com/ and your app redirects the user to https://tomcatserver.dmz.company.com/, you have some issues to resolve. These issues are generally resolvable -- just be on the lookout for bad redirects. -Max On Wed, 2005-10-05 at 07:24 -0700, Jeff Thorne wrote: > I had a follow up question to the thread on SSL transactions. Does the SSL > cert absolutely need to be installed in the servlet container? My ISP is > telling me they will only install certs within the apache web server and not > Resin/Tomcat. Is there away to proxy SSL requests between apache web server > and my struts app? > > Thanks for the help, > Jeff > > > Tim Coy <[EMAIL PROTECTED]> wrote: > Ahh, I see > So what I think you are saying is that I should force the Credit Card > transaction form to https even if it is submitted from a http page. > That makes sense. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]