Where do I install Tomcat SSL sertificate

I have a client that is running a database program on a Windows Server 2008 R2 machine.  The database is running under Apache Tomcat. They want to give external clients access to the program.  It currently works with http://domainname.com/DatabaseProg under port 80, but we want to secure it with an SSL certificate.

I'm trying to figure out where to install the certificate: under Tomcat or under IIS7.  The reason I'm wondering is because of this section in the Tomcat documentation:

"It is important to note that configuring Tomcat to take advantage of secure sockets is usually only necessary when running it as a stand-alone web server. When running Tomcat primarily as a Servlet/JSP container behind another web server, such as Apache or Microsoft IIS, it is usually necessary to configure the primary web server to handle the SSL connections from users. Typically, this server will negotiate all SSL-related functionality, then pass on any requests destined for the Tomcat container only after decrypting those requests."

They have IIS7 installed on the server with the default web site, which is not actively used for anything as far as I know.  Is the fact that IIS7 is installed and running mean that I install the SSL certificate there? Or must I install it in the Tomcat folders per their documentation?

Bottom line, I want external clients to be able to access the database securely as: https://domainname.com/DatabaseProg (presumably through port 443).

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Rich WeisslerProfessional Troublemaker^h^h^h^h^hshooterCommented:
If you are using Tomcat as the web server, I think you already have the details of how to install the certificate, since it appears you quoted from the page.  (If that's what you wanted to do, you might even want to remove IIS to avoid the situation where that service binds to port 80 or 443 before Tomcat does.

If the users are current connecting to port 80 -- I'd run "netstat -an" just to see what program is bound to tcp/80.  At least that way you'll know if it's IIS or Tomcat.

In the past the recommendation is to not use Tomcat as the webserver except in development environments.  You'd normally want to use a fully functional web server, such as IIS or apache.  

If Tomcat is already handling the requests on port 80, and you don't want to get into trying to move everything to IIS, install the certificate in the Tomcat web components per the earlier instructions.  (I really hope it's using IIS though.)

If you're using IIS as the web server, just open up the IIS Manager... select the Site -- and Server Certificates should be available in the right window.  You can use that to add a certificate.  Once done, you can right click the site... and select bindings... and add a binding for 443, with the associated certificate.
DaveWWWAuthor Commented:
Thanks Rich,

Although the software provider says they offer no comment on accessing the database from the Internet, his email did include this comment:

"The application is running under Tomcat,  Requests are being redirected from IIS to Tomcat via the Jakarta Connector."

It was that statement that made me think the SSL certificate would function properly if installed under IIS.  Do you agree?
Rich WeisslerProfessional Troublemaker^h^h^h^h^hshooterCommented:
I agree absolutely.  You can add a second binding to the website (after you have added a certificate on the server)... so it'll respond to http and https while you test.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
DaveWWWAuthor Commented:
Thanks very much.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.