On 3/14/2011 3:46 PM, János Löbb wrote:
Hi,
I set up ssl using the JAVA_HOME/bin/keytool on OSX 10.6.6 - JSSE type
configuration with a self-signed certificate. Modified server.xml to include a
connector:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
keystoreFile="/Users/administrator/.keystore"
keystorePass="*****"
clientAuth="false" sslProtocol="TLS" />
anything else is the default, out of box.
Where should I configure and how that when I hit
http://localhost:8080
it should redirect to
https://localhost:8443
make sure your connector 8080 has redirectPort="8443" in it, then in
<tomcat.home>/conf/web.xml define a constraint, transport/confidential
<security-constraint>
<web-resource-collection>
<web-resource-name>Everything is https</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
??
That is I do not want it to be web app specific, I want to have this behavior
by default. I am not using httpd or mod_jk at this time and do not want to
use if I can avoid them.
Should I also add SSLEngine="on" ??
Thanks ahead,
János
P.S. I looked the list from 2008 and see nothing in this regard.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org