Adding SSL to your HTTPD
So far, the communication between our client and Apache has not been encrypted. SSL is the standard used for end to end encryption on the Web. There are two ways you can add SSL to your assembly here. One is, you can add SSL to your Apache web server so that the traffic between your client and the web server is encrypted. Apache then decrypts the traffic. In our case, Apache is serving the static pages, whereas the dynamic content is passed on to Tomcat. In this scenario, the traffic between Apache and Tomcat remains unencrypted. This reduces the load on Tomcat. However, this also assumes that the network connection between Tomcat and the web server is secure.
Note
Please note how to secure the connection is left to you and not mentioned in this book.
In the second scenario, the connections to Tomcat are passed on as is and are decrypted at the Tomcat end. This complicates things a bit because now we have to deal with two SSL certificates: one at the Apache and another...