-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Angelo,
On 7/18/2011 4:55 AM, AngeloChen wrote: > I set up a virtual host for ssl in apache, www.sample.com, it uses > mod_proxy to redirect to a tomcat server: > > ProxyPass / https://localhost:8443/ ProxyPassReverse / > https://localhost:8443/ ProxyPreserveHost on > > SSLEngine on SSLProxyEngine on > > SSLCertificateFile /etc/httpd/sample.crt SSLCertificateKeyFile > /etc/httpd/sample.key > > do I need a jks in the tomcat side? Thanks, No, because you are not using AJP, you're using HTTP(S). If you trust your web server and you have a secured network, you don't need to have the link between httpd and Tomcat use HTTPS. You'll get a performance improvement if you drop that SSL connection. Also, you might want to make sure you are using the APR connector on the Tomcat side, which will significantly improve your SSL performance in Tomcat. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk4kSa8ACgkQ9CaO5/Lv0PCAiACdEcslVe78JP1p60s7MvphvNYr VQYAnRlE5U9Ix8++n5Ouwa0tM5TMSGYf =G8x9 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
