CSS11501S-C-K9 SSL Termination

Answered Question
Aug 16th, 2007
User Badges:

This ia a new installation with a Tomcat Web server located behind the CSS, with HTTP running between the Tomcat and the CSS. The CSS is doing SSL termination.

The client web browser successfully connects to the default Tomcat home page using an HTTPS session via the CSS, but whenever the client selects certain links on the home page, such as the Tomcat Administation link, the browser automatically switches from HTTPS to HTTP, and the page fails to load because the CSS is not expecting an HTTP session from the client. What I'm not sure about is what is causing the client to switch from an HTTPS session to HTTP ?

Correct Answer by Martin Kyrc about 9 years 8 months ago

Hi, maybe is a problem here:


1. client requests https://domain/page

2. but server send to client 'redir' code to http://domain/page/ (slash at the end).

HTTP is correct, because server don't known something about SSL termination


try sniff connection between css and server, or css and client, if there any http redirect occurs.


solution: configure 'rewrite' on the css :)

http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_820/sslgd/terminat.htm#wp999332


martin

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Martin Kyrc Thu, 08/16/2007 - 17:39
User Badges:

Hi, maybe is a problem here:


1. client requests https://domain/page

2. but server send to client 'redir' code to http://domain/page/ (slash at the end).

HTTP is correct, because server don't known something about SSL termination


try sniff connection between css and server, or css and client, if there any http redirect occurs.


solution: configure 'rewrite' on the css :)

http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_820/sslgd/terminat.htm#wp999332


martin

russ Fri, 08/17/2007 - 06:35
User Badges:

Hi Martin


Many thanks for the reply. This sounds exactly like the issue we are seeing. It'll be a couple of weeks before I am able to try your suggestion. I will let you know the outcome.


Russell

russ Fri, 08/17/2007 - 06:46
User Badges:

Hi Martin


Many thanks for the reply. This sounds exactly like the issue we are seeing. It'll be a couple of weeks before I am able to try your suggestion. I will let you know the outcome.


Russell

Actions

This Discussion