27.05.2014 19:31, John Smith пишет:
1. Anyone familiar with any problems routing 443 to 8443 on *nix boxes for TC SSL certs? It's preferable to not have my end users needing port numbers. The cert doesn't care about the port, IIRC.
Try check trafic with ssldump http://www.rtfm.com/ssldump/
2. With the SSL connector enabled, https://* is globally respected on the entire webapp. Do I need to manually check the URL/protocol to deny or redirect https to http outside of '/admin'? Is there any built in TC mechanism or suggested best practice to handle this? or should I not care?
We use two-factor authentification with SSL - but I think in your case this can be helpful too - not a big difference.
Try look at this: http://wiki.metawerx.net/wiki/ForcingSSLForSectionsOfYourWebsite
Best, John
Arseny. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org