I am looking to configure SSL with Tomcat 6 and the Apache web server, using the Tomcat connector mod_jk. I am pretty new to this, so please bear with me.
I have purchased an SSL certificate and configured it in Tomcat using a keystore file. It works perfectly if I access Tomcat directly via https. Now I need Apache in front of Tomcat. My question is, do I need to provide the certificate both in Tomcat and Apache, or just in Tomcat? Isn't Apache supposed to just pass the request on to Tomcat (using JkExtractSSL) and let it handle SSL authentication (verification of the certificate)?
If certificate paths need to be configured in both Apache and Tomcat, then I have cert.p7b and certreq.csr files, which are surely not Apache compatible. Can you please tell me how I can do that?
I have the following configuration so far:
httpd.conf:
LoadModule ssl_module modules/mod_ssl.so
LoadModule jk_module modules/mod_jk.so
JkWorkersFile /usr/local/apache2/conf/workers.properties
JkShmFile logs/mod_jk.shm
JkLogFile logs/mod_jk.log
JkLogLevel info
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
JkMount /mywebapp/* worker1
JkExtractSSL On
JkHTTPSIndicator HTTPS
JkSESSIONIndicator SSL_SESSION_ID
JkCIPHERIndicator SSL_CIPHER
JkCERTSIndicator SSL_CLIENT_CERT
<VirtualHost _default_:80>
DocumentRoot "/var/lib/tomcat6/webapps/mywebapp"
Alias /mywebap "/var/lib/tomcat6/webapps/mywebapp"
<Directory "/var/lib/tomcat6/webapps/mywebapp">
Options Indexes FollowSymLinks
AllowOverride NONE
Order allow,deny
Allow from all
</Directory>
<Location "/mywebapp/WEB-INF/">
AllowOverride None
Deny from all
</Location>
</VirtualHost>
Include conf/extra/httpd-ssl.conf
httpd-ssl.conf:
<VirtualHost _default_:443>
DocumentRoot "/var/lib/tomcat6/webapps/mywebapp"
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLOptions +StdEnvVars +ExportCertData
Alias /mywebapp "/var/lib/tomcat6/webapps/mywebapp"
<Directory "/var/lib/tomcat6/webapps/mywebapp">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
JkMount /mywebapp/* worker1
<Location "/mywebapp/WEB-INF/">
AllowOverride None
Deny from all
</Location>
</VirtualHost>
It is important to mention here that there is no SSLCertificateFile or SSLCertificateKeyFile configured in httpd-ssl.conf, as I am not sure if it is needed in both Tomcat and the Apache web server. I have it already configured in Tomcat using a keystore file.
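An added example, not part of the original post: with `SSLEngine on`, Apache's mod_ssl terminates the HTTPS connection itself and mod_jk only forwards the SSL variables to Tomcat, so the port-443 virtual host needs its own certificate and key. The Python sketch below audits a constructed copy of the posted virtual hosts for that gap and for weak classes left in `SSLCipherSuite`; `audit`, `directives`, `SAMPLE` and `WEAK` are names made up for this example.

```python
import re

# Constructed sample: the two virtual hosts from the question, trimmed to the
# directives this check reads.
SAMPLE = '''\
<VirtualHost _default_:80>
DocumentRoot "/var/lib/tomcat6/webapps/mywebapp"
</VirtualHost>
<VirtualHost _default_:443>
DocumentRoot "/var/lib/tomcat6/webapps/mywebapp"
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLOptions +StdEnvVars +ExportCertData
JkMount /mywebapp/* worker1
</VirtualHost>
'''

WEAK = {"LOW", "EXP", "EXPORT", "SSLV2", "ENULL", "ANULL", "NULL"}
VHOST = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def directives(body):
    """Map lower-cased directive name -> argument string (last one wins)."""
    out = {}
    for line in body.splitlines():
        parts = line.split(None, 1)
        if parts and parts[0][0] not in "#<":
            out[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return out

def audit(conf):
    """Return {vhost address: [findings]} for every vhost with SSLEngine on."""
    report = {}
    for addr, body in VHOST.findall(conf):
        d = directives(body)
        if d.get("sslengine", "").lower() != "on":
            continue  # plain-HTTP vhost: mod_ssl is not active here
        findings = []
        # Apache ends the TLS session itself, so it needs its own certificate
        if "sslcertificatefile" not in d:
            findings.append("missing SSLCertificateFile")
        # The key may instead be appended to the certificate file
        if "sslcertificatekeyfile" not in d:
            findings.append("missing SSLCertificateKeyFile")
        for tok in d.get("sslciphersuite", "").split(":"):
            # '!' and '-' remove a class; a bare or '+' token does not
            if tok and tok[0] not in "!-" and tok.lstrip("+").upper() in WEAK:
                findings.append("weak cipher class not excluded: " + tok.lstrip("+"))
        report[addr.strip()] = findings
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```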