Re: Trusting another server's certificate

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



----- "Bruno Melloni" <Bruno.Melloni@xxxxxxxxxxxxx> wrote:

> I successfully setup Apache Web Server, mod_ssl and mod_jk so that
> Apache acts as the load balancer for a cluster of Tomcat(based)
> servers - using self-signed certificates.  This means that I created
> Apache's certificates with openssl and Tomcat's with Java's keytool.

First off: The recommended way to connect Tomcat and httpd these days is
via mod_proxy_ajp/mod_proxy_balancer.

Next, for your sanity's sake, I do not recommend the use of keytool.
Tomcat understands a number of formats:
http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html#Prepare%20the%20Certificate%20Keystore

> Two of my applications communicate with each other via HTTPS, and the
> servers must trust each other.  For the Tomcat server to trust the
> Apache server all I need to do is import the Apache certificate into
> the keystore (and/or cacerts).  
> 
> How do I make Apache trust the Tomcat server so that app-to-app HTTPS
> calls work?  Or do I even need to?

Exactly the same way:
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslproxycacertificatefile

> Thanks

Bye,
-- 
Igor Galić

Tel: +43 (0) 699 122 96 338
Fax: +43(0) 1 91 333 41
Mail: i.galic@xxxxxxxxxxxxxx
URL: http://brainsware.org/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux