test

Oracle GlassFish Server 3.0.1 Administration Guide

ProcedureTo Enable SSL Between the mod_jk Load Balancer and GlassFish Server

Before You Begin

The self-signed certificate must be configured.

  1. Perform the steps in To Enable mod_jk.

  2. Start another GlassFish Server with at least one web application deployed.

    In order for the mod_jk–enabled network listener to start listening for requests, the web container must be started. Normally, this is achieved by deploying a web application.

  3. Follow instructions from To Configure an HTTP Listener for SSL on the mod_jk connector.

    Use the following format:


    asadmin> create-ssl --type http-listener --certname sampleCert new-listener

  4. Add the following directives in the httpd.conf file under the /etc/apache2/conf.d directory:

    # Should mod_jk send SSL information (default is On)
JkExtractSSL On
# What is the indicator for SSL (default is HTTPS)
JkHTTPSIndicator HTTPS
# What is the indicator for SSL session (default is SSL_SESSION_ID)
JkSESSIONIndicator SSL_SESSION_ID
# What is the indicator for client SSL cipher suit (default is SSL_CIPHER)
JkCIPHERIndicator SSL_CIPHER
# What is the indicator for the client SSL certificated? (default is SSL_CLIENT_CERT)
JkCERTSIndicator SSL_CLIENT_CERT

  5. To apply your changes, restart Apache HTTP Server and GlassFish Server.