Fronting CAS with F5 or Apache hints, experience, links, etc..
Andrew Ralph Feller, afelle1
afelle1 at lsu.edu
Thu Aug 14 08:28:03 EDT 2008
I'm having a little trouble understanding what you mean by "SSL certificate
terminates on the front server".
I use to front-end Tomcat with Apache HTTP server in the past due to the
need for mod_rewrite and mod_ssl, however I have since moved to a standalone
Tomcat with APR for SSL.
Is there a particular reason you need to front-end Tomcat?
If your answer is no, then you might check out using Apache Portable Runtime
(APR) to handle SSL, which works just like mod_ssl.
http://www.nabble.com/RE%3A--cas-dev--keytool-needed---to17103709.html#a1710
3709
http://tomcat.apache.org/tomcat-6.0-doc/apr.html
If your answer is yes, then you will want to look into mod_proxy_ajp (for
newer Apache installations) or the older mod_jk. These modules will allow
you to forward requests received by Apache HTTP to Tomcat.
HTH,
A-
On 8/13/08 7:21 PM, "Andrew Bruno" <andrew.bruno at gmail.com> wrote:
> Does anyone have experience in fronting CAS with F5 or Apache, where
> the SSL certificate terminates on the front server?
>
> I know that when using a self signed certificate you need to import
> the certificate into tomcat's JRE cacerts file.
>
> If using a "real" (verign, etc..) certificate, is the import into the
> JRE still required?
>
> Thanks
> Andrew
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
--
Andrew R. Feller, Analyst
Information Technology Services
200 Fred Frey Building
Louisiana State University
Baton Rouge, LA 70803
(225) 578-3737 (Office)
(225) 578-6400 (Fax)
More information about the cas
mailing list