• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Jeanne Boyarsky
  • Devaka Cooray
  • Paul Clapham
Sheriffs:
  • Tim Cooke
  • Knute Snortum
  • Bear Bibeault
Saloon Keepers:
  • Ron McLeod
  • Tim Moores
  • Stephan van Hulst
  • Piet Souris
  • Ganesh Patekar
Bartenders:
  • Frits Walraven
  • Carey Brown
  • Tim Holloway

SSL Between two instances of tomcat.

 
Ranch Hand
Posts: 275
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello,
I am trying to set up a secure connection between two instances of tomcat. I need to ensure that the "back" instance will only take connections from the "front" instance. This needs to be done over a SSL. So far I have created a separate certificate for each instance and exported the public part of it to the other instance. I have also set a separate keystore for each instance and modified the server.xml file accordingly.
What I would like to know is how do I tell the back tomcat to authenticate the server its passing data to (the front tomcat). I’ve tried to use client authentication but this simply prompts the user to submit a certificate.
I’m guessing it’s a setting in a security file somewhere but I’ve yet to find it!
Thanks
Ian Anderson
 
Bartender
Posts: 20842
125
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That's ambitious!
If the two Tomcats are on the same server or operating totally withing a trusted environment (same LAN, firewalls) I'd only worry about SSL if I was doing something where security was REALLY tight like nuclear missles, New York Stock Exchange, etc.
The simplest way to do it should be to set up the "server" server to handle SSL in the normal way and have the "client" server issue a request via an https URLConnection. If there's a lot of traffic, you may prefer to run daemon threads in the servers and use SSL socket connections to avoid the overhead of setting up and tearing down the SSL sockets for each request.
 
Consider Paul's rocket mass heater.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!