SSL Between two instances of tomcat.

 
Ranch Hand
Posts: 275
Hello,
I am trying to set up a secure connection between two instances of tomcat. I need to ensure that the "back" instance will only take connections from the "front" instance. This needs to be done over SSL. So far I have created a separate certificate for each instance and exported the public part of it to the other instance. I have also set a separate keystore for each instance and modified the server.xml file accordingly.
What I would like to know is how do I tell the back tomcat to authenticate the server it's passing data to (the front tomcat). I’ve tried to use client authentication but this simply prompts the user to submit a certificate.
I’m guessing it’s a setting in a security file somewhere but I’ve yet to find it!
Thanks
Ian Anderson
 
Saloon Keeper
Posts: 27762
That's ambitious!
If the two Tomcats are on the same server or operating totally within a trusted environment (same LAN, firewalls) I'd only worry about SSL if I was doing something where security was REALLY tight like nuclear missiles, New York Stock Exchange, etc.
The simplest way to do it should be to set up the "server" server to handle SSL in the normal way and have the "client" server issue a request via an https URLConnection. If there's a lot of traffic, you may prefer to run daemon threads in the servers and use SSL socket connections to avoid the overhead of setting up and tearing down the SSL sockets for each request.
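
Added example, not part of the original thread: a sketch of the https URLConnection approach in which the front instance's own JVM presents its certificate to the back instance, so no user is ever prompted for one. It assumes the back connector is configured to require a client certificate and trusts only the front's exported certificate; the file paths, password, host name and class name are hypothetical placeholders.

```java
import java.io.File;
import java.io.InputStream;
import java.net.URI;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class FrontToBackClient {
    // Hypothetical values: replace with the front instance's real stores and the back's URL.
    static final File KEYSTORE = new File("/path/to/front-keystore.jks");     // front's private key + cert
    static final File TRUSTSTORE = new File("/path/to/front-truststore.jks"); // back's exported cert only
    static final char[] PASSWORD = "changeit".toCharArray();
    static final String BACK_URL = "https://back.example.internal:8443/app/status";

    static SSLContext buildContext() throws Exception {
        // Key material the front presents when the back asks for a client certificate.
        KeyStore keys = KeyStore.getInstance(KEYSTORE, PASSWORD); // Java 9+, detects the store type
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, PASSWORD);

        // Trust only the back instance's certificate, not the JVM's default CA bundle.
        KeyStore trusted = KeyStore.getInstance(TRUSTSTORE, PASSWORD);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trusted);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) URI.create(BACK_URL).toURL().openConnection();
        conn.setSSLSocketFactory(buildContext().getSocketFactory());
        conn.setConnectTimeout(5000);
        conn.setReadTimeout(5000);
        // Default hostname verification stays on: the back's certificate must match the host in BACK_URL.
        int status = conn.getResponseCode(); // handshake runs here and fails if either side rejects the other
        System.out.println("Back instance answered HTTP " + status);
        try (InputStream in = status < 400 ? conn.getInputStream() : conn.getErrorStream()) {
            if (in != null) in.transferTo(System.out);
        }
    }
}
```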
 