Thanks.
Could you please tell me or direct me to some resource that indicates how to have Apache handle SSL? Would there be separate SSL definitions for each virtual host? or just one for all virtual hosts?

Appreciate all the help I am getting here...

Martin Gainty wrote:
Follow up on Bill's advice to use jsvc as Tomcat launcher and then front-ending with Apache to handle the SSL If you are using jsvc I would setup the CLASSPATH following advice by David Erickson at
http://marc.theaimsgroup.com/?l=tomcat-user&m=108578233003073&w=2
he discovers that tools/commons-daemon/bootsrap is the correct config which is defined here
CLASSPATH=$CLASSPATH:\
> $JAVA_HOME/lib/tools.jar:\
> $DAEMON_HOME/dist/commons-daemon.jar:\
> $CATALINA_HOME/bin/bootstrap.jar:\
> $CATALINA_HOME/common/lib/log4j-1.2.8.jar:\
> $CATALINA_HOME/common/classes

Bon Chance,
Martin --

This email message and any files transmitted with it contain confidential
information intended only for the person(s) to whom this email message is
addressed. If you have received this email message in error, please notify
the sender immediately by telephone or email and destroy the original
message without making a copy.  Thank you.

----- Original Message ----- From: "Bill Barker" <[EMAIL PROTECTED]>
To: <users@tomcat.apache.org>
Sent: Saturday, May 27, 2006 9:06 PM
Subject: Re: SSL with Tomcat and Apache..IE problems



"Rizwan Merchant" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]

Thanks Bill,
Can I change the redirect port in server.xml from 8443 to 443? Currently, we are running tomcat as non-root user (tomcat user). Will we need to change this as well?


Well, since you are fronting with Apache, you could setup Apache to handle the SSL requests on 443 (probably easiest). Then you just configure that VirtualHost to forward all to Tomcat.

Baring that, you can use the 'jsvc' program from commons-daemon (which is bundled in a tarball with the Tomcat distro) to allow Tomcat to bind to 443 as root, and then switch to a non-privileged user to handle requests.

Bill Barker wrote:
"Rizwan Merchant" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]

We are running tomcat 5.5.16 on Fedora Core 4 OS. We just installed apache2.0 as a front to serve the pages using the mod_jk connector. There are 2 apps on tomcat (virtual hosting), one of which needs to be SSL enabled (lets say app1 and app2, app2 is the one that needs to be SSL enabled).

Everything seems to be working fine on FireFox, both apps can be accessed fine. When we access www.app1.com pages are served as expected, and when we access www.app2.com the browser detects the certificate and switches to https

But things are not well when it comes to IE. www.app1.com works the same as FF, and the app can be accessed. But when we try to access www.app2.com, IE shows the certificate and asks if we would like to proceed. When we click on 'Yes', the browser cannot find the app after that and returns "Page cannot be displayed error". Also, directly accessing the https site by using the URL https://www.app2.com:8443 works fine on IE as well. so its basically the switching from http to https for app2 that doesnt seem to work.



This used to pop up all the time when more people were using TC 4 :). What it happining is that IE gets confused easily when you redirect to to a non-default SSL port. This is especially true if the next page that you hit also does a redirect.

The solution is to use the default SSL port of 443 (either that, or don't use IE ;-).


I dont understand why this works on FF but not on IE..!
I hope someone can shed some light on this. I can post the httpd.conf , server.xml and workers.properties files if that helps..

Thanks,
-Riz.



---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]







---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]






---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to