Skyhighguy
asked on
Are wildcard SSL certificates supported under Tomcat 6.x?
Hello,
I have a custom app that does not accept HTTPS -> HTTP port translation well (it throws a URL response of http: back into the browser), and i'm thinking my next best option is to attempt to install a certificate into tomcat instead, and connect HTTPS to the back end service directly. (unless someone has a better idea on how to get the app to accept https even though the intranet connection will be over http).
Will tomcat 6.x accept a wildcard certificate? I seem to remember finding that answer to be no in the past, however i cannot find a clear answer on the web. To go with a non wildcard certificate, we'd be forced to purchase a new certificate specifically for this app, which i don't want to do as it is not used that much.
I have a custom app that does not accept HTTPS -> HTTP port translation well (it throws a URL response of http: back into the browser), and i'm thinking my next best option is to attempt to install a certificate into tomcat instead, and connect HTTPS to the back end service directly. (unless someone has a better idea on how to get the app to accept https even though the intranet connection will be over http).
Will tomcat 6.x accept a wildcard certificate? I seem to remember finding that answer to be no in the past, however i cannot find a clear answer on the web. To go with a non wildcard certificate, we'd be forced to purchase a new certificate specifically for this app, which i don't want to do as it is not used that much.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Is this "Custom app" supposed to handle just https traffic, or both HTTP and HTTPS? If the latter do you have two connectors defined in your server.xml, on different ports. Either way does the secure connector have a secure="true" redirectPort="443" in it's definition?
On the alternative suggestion front, you could stick an Apache HTTPD instance in front of your Tomcat and use either mod proxy or alias to handle the Browser -> HTTPS (Apache) -> HTTP (Tomcat) -> (Apache) HTTPS -> Browser translations e.g. The following would force any traffic, from a browser, for your App to be sent in HTTPS, and proxy it on to the tomcat in HTTPS:
<VirtualHost *:443>
...
SSLEngine on
SSLCipherSuite HIGH:!SSLv2:!ADH:!aNULL:!e
SSLCertificateFile /path/to/server.crt
SSLCertificateKeyFile /path/to/server.key
SSLCACertificatePath /path/to/ssl.crt
...
RewriteCond %{HTTPS} !on
RewriteRule yourWebApp https://%{SERVER_NAME}%{REQUEST_URI
RewriteRule (yourWebApp.*) http://%{SERVER_NAME}:8080/$1 [P]
...
</VirtualHost>
The above solution will loose some performance.