The only way to encrypt the data between Apache httpd and Tomcat is to use mod_proxy with https.
In httpd.conf you need something like:
SSLProxyEngine On
SSLProxyVerify require
SSLProxyCACertificateFile conf/cacert.pem
SSLProxyMachineCertificateFile conf/proxy.pem
ProxyPass / https://127.0.0.1:8443/
ProxyPassReverse / https://127.0.0.1:8443/|
Note
|
conf/proxy.pem should contain both key and certificate (and the
certificate must be trusted by Tomcat).
|
|
Note
|
conf/cacert.pem must contain the CA that signed the Tomcat
certificate.
|