I need to implement SSL for Tomcat 6.0.24 on Windows 2003 Server R2 SP2 that is already running IIS 6.0. Should I implement SSL using IIS or Tomcat? There are other webapps running under this Tomcat that do not require https.
Reading through the docs: http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html#Configuration The process seems easy enough. Generate a keystore and uncomment the SSL connector in server.xml, changing the default password, and pointing the keystore path correctly. I do not have the Tomcat native library installed, so JSSE applies for me. "...Any page within an application can be requested over a secure socket by simply prefixing the address with https: instead of http:. " When I enable SSL, this means that it is enabled for every webapp running under that Tomcat? The user can choose the protocol for the URL even if it is not required? "...It is not strictly necessary to run an entire web application over SSL, and indeed a developer can pick and choose which pages require a secure connection and which do not." Where do I configure this? I only need one URL to be available via https: Leo Donahue
