Is this possibe? mod_jk <==SSL==

Google

Mailing List

Home

Forum Home

JBoss - Java Application Server

Tomcat - JSP/Servlet container

Struts - A MVC web framework

iText - An open source PDF Java Library

JDOM - JDOM XML Parser

J2EE - A mailing list for Java(tm) 2 Platform, Enterprise Edition

JSP - A mailing list about Java Server Pages specification and reference

J2EE Pattern - An interest list for Sun Java Center J2EE Pattern Catalog

Servlet - A mailing list for discussion about Sun Microsystem's Java Servlet API Technology

Struts & Hibernate

Subjects

•	JSP editor plugin for eclipse ?
•	org apache jasper JasperException: Unable to compile class for JSP
•	Tomcat: Connection reset by peer: socket write error
•	Cannot retrieve definition for form bean null
•	Struts Tiles Tutorial (free Struts training)
•	Where do I download Tomcat 4 0 6?
•	Data Access Object (DAO) pattern, example DAO 's
•	Where to download Tomcat v 4 1 24 from?
•	Tomcat 5 0 16 Requested resource not available
•	Oracle Connection Pooling in 3 2 2
•	Servlet : Session invalidate
•	Servlet action is currently unavailable
•	Tomcat/Struts Unicode Encoding/Decoding problems
•	Tomcat and webapplication specific java library path
•	Running a Simple JMS Example
•	Mapping in workers2 properties
•	org apache jasper JasperException
•	Cannot find message resources under key org apache struts action MESSAGE
•	problem with html:text bean throwing exception
•	Cannot find message resources under key org apache struts action MESSAGE
•	invalid direct reference problem with solution
•	Tool for jsp debug Try Sysdeo Eclipse Plugin
•	Tomcat 5 Cannot load JDBC driver class 'null ' SQL state: null
•	weblogic ejbc
•	java properties file
•	Jboss 3 2 3 Coyote Can 't re
•	Tomcat 5, Apache2 and mod jk2 integration problem
•	JBoss example problem new to J2EE
•	url string for connecting jboss to oracle
•	Value attribute of <html:checkbox
•	javax servlet ServletException: BeanUtils populate
•	HTTP Status 404 The requested resource is not available
•	5 0 18: Windows XP Pro vs Windows 2000

Is this possibe? mod_jk <==SSL== > AJP/1.3

Is this possibe? mod_jk <==SSL== > AJP/1.3

2006-12-07 - By dfelicia

Back

Reply: 1 2 3 4

Can traffic between mod_jk and Tomcat's AJP connector be encrypted (without
using ssh/stunnel)?

I see SSL mentioned in the doc for AJP, but it's clear as mud:
http://tomcat.apache.org/tomcat-5 (See http://cat-5.ora-code.com).5-doc/config/ajp.html

So, in Apache, I am using SSL and mod_jk. I set these parameters per the
mod_jk doc:

# JkOptions indicate to send SSL KEY SIZE,
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
JkExtractSSL On
# What is the indicator for SSL (default is HTTPS)
JkHTTPSIndicator HTTPS
# What is the indicator for SSL session (default is SSL_SESSION_ID)
JkSESSIONIndicator SSL_SESSION_ID
# What is the indicator for client SSL cipher suit (default is SSL_CIPHER)
JkCIPHERIndicator SSL_CIPHER
# What is the indicator for the client SSL certificated (default is
SSL_CLIENT_CERT)
JkCERTSIndicator SSL_CLIENT_CERT

In Tomcat's server.xml, I have define an AJP/1.3 connector like so:

<Connector port="8202" protocol="AJP/1.3" URIEncoding="UTF-8 (See http://UTF-8.ora-code.com)"
scheme="https" secure="true" clientAuth="false">

(mod_jk worker uses this connection)

It works whether I set scheme and secure or not. Is the communication
encrypted? (If so, I'd wonder how since Tomcat knows nothing of my CA's
public key or my keystore.)

What am I missing?
--
View this message in context: http://www.nabble.com/Is-this-possibe---mod_jk-
%3C%3D%3DSSL%3D%3D%3E-AJP-1 (See http://AJP-1.ora-code.com).3-tf2776640.html#a7746284
Sent from the Tomcat - User mailing list archive at Nabble.com.

-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ------
To start a new topic, e-mail: users@(protected)
To unsubscribe, e-mail: users-unsubscribe@(protected)
For additional commands, e-mail: users-help@(protected)