SSL with Tomcat and IIS

Markfre1

My front web page is running under IIS. The login button then calls AIM and uses Tomcat. This site doesn't really need a lot of security but I did not want the Google Unsecured site message coming up starting in July so I was thinking of just securing the IIS. But I'm thinking, when it goes into AIM/Tomcat, messages may start coming up there as well.

So it seems to me that I have to use an SSL certificate on IIS and use the same one on Tomcat.

I appreciate feedback on this and if anyone does not have SSL, you really don't want Chrome with big WARNING messages popping up on your stie.

Thanks for any input you can provide. Mark F

rocketman

Some links for you. Bit pushed for time right now but will try to get back on tomorrow unless someone else replies

https://letsencrypt.org

http://keystore-explorer.org/downloads.html

you can google for installing ssl certs in Tomcat - will try to find my link later, but I'm sure there's a post on this forum somewhere. Keystore explorer will help you create the keystone and install the certs, then you just need to point to them in Tomcats server.xml file.

This is my modded server.xml file (the bit that matters)

If you want to get auto redirection working you have to mod the web.xml file as well

Markfre1

I've previously installed a tomcat SSL on another server using the instructions that were in the forum. On that server it was directly going into AIM like https://xyz.com:8080/AwareIM/logonOp.aw?&domain=xxxxxxxxx. So all the redirections worked for all the pages.

In the server I am talking about, it first has to go the https://xyz.com . This is a page served up by IIS.

This page has a login that will go into AIM. Which is tomcat.

I really don't care if the AIM page is SSL but I think by not having it with SSL, this will probably also display the google unsecured message. So I guess I need to install the same certificate on both IIS and Tomcat. That was kind of my question.

I'm assuming Tomcat can probably serve up the https://xyz.com instead of IIS, but not sure how I would even do that.

So should I just install the IIS and Tomcat with SSL, or try to figure out how to serve up the main page from Tomcat, and just have SSL for tomcat.

I'm an app programmer, so when it comes to this, it gets a little muddy when going outside of IIS.

Thank, Mark F