On 3/14/2011 3:46 PM, János Löbb wrote:
Hi,I set up ssl using the JAVA_HOME/bin/keytool on OSX 10.6.6 - JSSE type configuration with a self-signed certificate. Modified server.xml to include a connector: <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" keystoreFile="/Users/administrator/.keystore" keystorePass="*****" clientAuth="false" sslProtocol="TLS" /> anything else is the default, out of box. Where should I configure and how that when I hit http://localhost:8080 it should redirect to https://localhost:8443
make sure your connector 8080 has redirectPort="8443" in it, then in <tomcat.home>/conf/web.xml define a constraint, transport/confidential <security-constraint> <web-resource-collection> <web-resource-name>Everything is https</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint>
?? That is I do not want it to be web app specific, I want to have this behavior by default. I am not using httpd or mod_jk at this time and do not want to use if I can avoid them. Should I also add SSLEngine="on" ?? Thanks ahead, János P.S. I looked the list from 2008 and see nothing in this regard. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
--------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
