Sun GlassFish Enterprise Server v3 Administration Guide

ProcedureTo Enable SSL Between the mod_jk Load Balancer and Enterprise Server

Before You Begin

The self-signed certificate must be configured.

  1. Perform the steps in To Enable mod_jk.

  2. Start another Enterprise Server with at least one web application deployed.

    In order for the mod_jk–enabled network listener to start listening for requests, the web container must be started. Normally, this is achieved by deploying a web application.

  3. Follow instructions from To Configure an HTTP Listener for SSL on the mod_jk connector.

    Use the following format:

    asadmin> create-ssl --type http-listener --certname sampleCert new-listener
  4. Add the following directives in the httpd.conf file under the /etc/apache2/conf.d directory:

    # Should mod_jk send SSL information (default is On)
    JkExtractSSL On
    # What is the indicator for SSL (default is HTTPS)
    JkHTTPSIndicator HTTPS
    # What is the indicator for SSL session (default is SSL_SESSION_ID)
    # What is the indicator for client SSL cipher suit (default is SSL_CIPHER)
    # What is the indicator for the client SSL certificated? (default is SSL_CLIENT_CERT)
  5. (Optional) To support both SSL and non-SSL connection, create two mod_jk–enabled network listeners and workers.

    Example file:

    #This example shows a
    worker.list=ajp13unsecure, ajp13secure

    Secure and unsecure HTTP listeners with ports 8009 and 8010 are created and enabled for mod_jk. For instructions, see To Enable mod_jk.

  6. To apply your changes, restart Apache HTTP Server and Enterprise Server.