Skip to Main Content

Java EE (Java Enterprise Edition) General Discussion

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Interested in getting your voice heard by members of the Developer Marketing team at Oracle? Check out this post for AppDev or this post for AI focus group information.

How to make tomcat 5 support SSL (https)?

843841Nov 19 2004 — edited Nov 21 2004
Hi,
is there a way to make tomcat support SSL (https)?

i using: Apache 1.3.33
with : Tomcat 5.0.28-1.00RC2
and : jakarta-tomcat-connectors-jk-1.2.6
JDK: j2sdk1.4.0_04

Many thanks
Anatolia

Comments

843841
Hi Anatolia,
Tomcat supports the SSL with the help of a package called JSSL (Java Secure Sockets Layer).

This package has to be downloaded and installed on ur system.

It provides facilities like public/private key encryption and third-party security.

Hope this helps.

Cheers !!
Sherbir
843841
Thanks very much Sherbir,
But JSSE is integrated into the Java 2 SDK, Standard Edition, v 1.4 and above!
here is what i'm facing:
the documentation says:

>
It is important to note that configuring Tomcat to take advantage of secure sockets is usually only necessary when running it as a stand-alone web server. When running Tomcat primarily as a Servlet/JSP container behind another web server, such as Apache or Microsoft IIS, it is usually necessary to configure the primary web server to handle the SSL connections from users. Typically, this server will negotiate all SSL-related functionality, then pass on any requests destined for the Tomcat container only after decrypting those requests. Likewise, Tomcat will return cleartext responses, that will be encrypted before being returned to the user's browser. In this environment, Tomcat knows that communications between the primary web server and the client are taking place over a secure connection (because your application needs to be able to ask about this), but it does not participate in the encryption or decryption itself.



I'm running running Tomcat as a Servlet/JSP container behind Apache 1.3.33 web server.
So all SSL requests are handled by apache web server, but the problem I'm facing is that if i request any jsp page using https (ssl) i get plain text and it's not handled by tomcat!
i have a test page called test.jsp:
<html>
<head>
<title>JSP test page</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>

<body>
<p>2 x 2 = <%= 2 + 2 %>
</p>
</body>
</html>
If I request this page using normal http request I get my results fine:
2 x 2 = 4

but if i request the page using https (ssl) I get a clear plain text of my jsp file content like this:
<html>
<head>
<title>JSP test page</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>

<body>
<p>2 x 2 = <%= 2 + 2 %>
</p>
</body>
</html>
Now how do I fix this problem and make apache passes the jsp file to tomcat if the request was https (ssl) and not send me cleartext of my file content!

Many thanks
Anatolia
843841
I found the problem, it was in the httpd.conf file :
<IfDefine SSL>
<VirtualHost 111.222.333.444:443>

i had to add:

<IfModule mod_jk.c>
JkMount /*.jsp ajp13
JkMount /servlet/* ajp13
JkMount /servlets/* ajp13
</IfModule>

thanx to all
1 - 3
Locked Post
New comments cannot be posted to this locked post.

Post Details

Locked on Dec 19 2004
Added on Nov 19 2004
3 comments
100 views