Skip to end of metadata
Go to start of metadata

How to configure Tomcat Connector for Apache 2.4?


Install, configure and test the standalone distribution of ADSS Server. ADSS Server can be installed on the same machine for testing where Apache is installed, however this is an unusual configuration. After installation, make sure ADSS Server is running and its services are accessible e.g. the console on: https://<serverName>:8774/adss/console

Installing Apache Web Server and Apache Tomcat Connector

In order to configure the DMZ, you need to install the Apache Web Server and Apache Connector for communication between the Apache Web Server and Tomcat. The following are the installation details:

  • Linux: Install the Apache Web Server using the yum command as follows:  
  • Windows: Download the Apache Web Server from the Apache website:
  • Linux: Once the Apache Web Server is installed, you need to install the APache eXtenSion (apxs) tool to add the Apache Connector module (mod_jk) in the Apache Web Server's modules directory. Use the following commands for the said configurations:
  • Windows: Copy the file to [Installation Directory]\apache\modules directory.
  • Linux: Install the mod_ssl using the command for communication over HTTPS:

Configuring the

  • Linux: Create a file at /etc/httpd/conf/ with name and paste the following text into it:
  • Windows:  Create a file at  [Installation Directory]\apache\modules with name and paste the following text into it:

Use the following worker if you wish to run ADSS Server behind the Apach as DMZ:

Use the following worker if you wish to run ADSS Server Services in a loadbalanced environment as well as DMZ:

Creating CA and SSL Server Authentication Certificates

  • Create a CA and SSL Authentication certificate for server authentication.
  • Create an SSL Server Authentication certificate:
  • Linux: Copy these files at /etc/httpd/conf/ssl/ to configure the SSL Server Authentication using the following commands:
  • Windows:  Copy these files at  [Installation Directory]\apache\modules\ssl\ to configure the SSL Server Authentication

Creating the Client Authentication Certificate


Change the apache-server with your server name where ever it used in this document.

  • Create the Client Authentication certificate for your browser using the following commands:
  • Install the p12 (i.e. john.doe.p12 in this case) in the browser that you will use to access the Apache Web Server
  • Register the myRootCA.crt in the ADSS Server's Trust Manager with options "Certificate Issuance and Trust System Users". 
  • Register a user in Access Control using the certificate you created for client authentication (i.e. john.doe.p12 in this case).
  • Restart the ADSS Server daemons so that the tomcat keystore is updated with the newly registered CA.

Configuring Apache Web Server

  • Add the following text at the end of httpd.conf
  • Add the following text at the end of httpd.conf


  • Linux: Stop the SELinux if it is running so that it may not block the Apache and then start the httpd: 

How to Configure Apache Web Server as Proxy

Apache Web Server can be used as a Proxy Server between client application and ADSS Server. The requests from client application will be sent to Apache, which will redirect these request to the ADSS Server at the back end.


  • Enable mod_proxy and mod_proxy_http modules in the the httpd.conf file to re-route the request on HTTP protocol (just remove the # sign from the start it will enable these features)

  • Add a VirtualHost at the end of the httpd.conf file to receive requests on port 80:

  • Save the configurations and restart the “Apache HTTP Server” service.


  • The below file contains all the proxy module loaded by default
  • Make sure the following modules are listed in this file:
    mod_proxy: The main proxy module for Apache that manages connections and redirects them.
    modproxyhttp: This module implements the proxy features for HTTP and HTTPs protocols.

  • Add the following lines of code to httpd.conf , save and restart the Apache service.

  • No labels