One of our customer would like to use our solution under a quite complex network architecture. In particular they are using a Cisco SSL Offload service Module (SSLM)
Any client connection to the application server is made only through a HTTPS connection via the SSL Offload service. The SSL Offload service will communicate with the Web Server using HTTP on port 8080. HTTP Tunnelling will be used.
They will require one Digital Certificate for https traffic and also one for the Java Smart Client application.
I would like to know if Servoy will be able to run normally under this kind of architecture?
I assume the HTTPS connection can be setup using the administration page, but how to you certify the Java Smart Client application?
you have to use the tunnel for this and configure it to use https.
But why do you also need a certificate on the client? Is this also really client side certificate validation? So do all the clients have there own personal certificate?
I dont know from top of my head if the tunnel has support for that…
In fact they would like to certify the Servoy part (in Java) with their own certificate. Then they use another certificate for the communication part.
So instead of having “Servoy B.V.” they would have their organisation:
How can you modify this certificate?
How do you configure the HTTPS Tunnel? Is that automatic once you do the keystore configuration in the admin page? Or do you have to make more modifications?
That certificate isnt used to do the communication.
That certificate is just the signing info of the classes you download, so that you know that you can trust the classes or not.
You can’t just change that. Its how we are building and signing all our jars.
So, how do you configure the HTTPS Tunnel? Is that automatic once you do the keystore configuration in the admin page? Or do you have to make more modifications than a standard SSL connection?
no the keystore configuration on the admin pages are used for rmi over ssl sockets or ssl over http if you would use the tunnel
What you want is http over ssl (so the other way round). For that you have to configure tomcat to use the https connecter (see server.xml) and configure tomcat’s keystore
But looking at your setup. your SSLM would be making normal http contact to our tomcat and the https connection is only from a client to that SSLOffload service
I have to check if this is currently possible at all. Because what you want is the server in http mode but the clients in https mode. I dont think we support that.
jcompagner:
But looking at your setup. your SSLM would be making normal http contact to our tomcat and the https connection is only from a client to that SSLOffload service
I have to check if this is currently possible at all. Because what you want is the server in http mode but the clients in https mode. I dont think we support that.
