AnsweredAssumed Answered

Best Practices - HTTPS

Question asked by danniemstanley on Jul 13, 2007
Latest reply on Jan 2, 2008 by plachance
According to the forums HTTPS has been implemented in one of the following ways:

   * Configure SSL for Tomcat (or other app server)
   * Configure SSL for Apache and use reverse proxy
   * Configure SSL for Apache and use mod_jk

I also read about some problems:

   * Problems loading assets (images) from HTTP URLs when the main page is HTTPS
   * Problems with WebDAV and HTTPS

My questions:

   * Is there a risk running HTTPS in a 500 user production environment?
   * Are the above problems resolved?
   * What is the best-practices approach?  We will most likely be purchasing support.  What is the most common configuration for the commercial version?
   * I noticed in one post someone mentioning that you could pass the login only over HTTPS but the rest of the site over HTTP to save encryption processing.  Is this documented?  Recommended?

Thank you!