The self-signed certificate must be configured.
Perform the steps in To Enable mod_jk.
Start another Enterprise Server with at least one web application deployed.
In order for the mod_jk–enabled network listener to start listening for requests, the web container must be started. Normally, this is achieved by deploying a web application.
Follow instructions from To Configure an HTTP Listener for SSL on the mod_jk connector.
Use the following format:
asadmin> create-ssl --type http-listener --certname sampleCert new-listener |
Add the following directives in the httpd.conf file under the /etc/apache2/conf.d directory:
# Should mod_jk send SSL information (default is On) JkExtractSSL On # What is the indicator for SSL (default is HTTPS) JkHTTPSIndicator HTTPS # What is the indicator for SSL session (default is SSL_SESSION_ID) JkSESSIONIndicator SSL_SESSION_ID # What is the indicator for client SSL cipher suit (default is SSL_CIPHER) JkCIPHERIndicator SSL_CIPHER # What is the indicator for the client SSL certificated? (default is SSL_CLIENT_CERT) JkCERTSIndicator SSL_CLIENT_CERT
(Optional) To support both SSL and non-SSL connection, create two mod_jk–enabled network listeners and workers.
Example workers.properties file:
#This example shows a worker.properties worker.list=ajp13unsecure, ajp13secure worker.ajp13secure.type=ajp13 worker.ajp13secure.host=localhost worker.ajp13secure.port=8009 worker.ajp13unsecure.type=ajp13 worker.ajp13unsecure.host=localhost worker.ajp13unsecure.port=8010 |
Secure and unsecure HTTP listeners with ports 8009 and 8010 are created and enabled for mod_jk. For instructions, see To Enable mod_jk.
To apply your changes, restart Apache HTTP Server and Enterprise Server.