I've seen this asked many times and I think I have an answer that works for my
particular situation.
Please tell me if I'm right or wrong as I need to get my app deployed by next week.
I have a site that MUST be SSL enabled for all pages, including login. Instead of enabling
SSL in JBoss, I'm using my site's existing cert that is used by Apache. I'm
using mod_rewrite like this inside both virtual hosts:

<VirtualHost blah.mysite.com:443>
    ServerAdmin webmaster@dummy-host.example.com
    DocumentRoot "D:/usr/dev/web/mypath"
    ServerName blah.mysite.com
    DirectoryIndex index.html
    ErrorLog logs/blah-error_log
    CustomLog logs/blah-access_log common
    SSLEngine on
    SSLCertificateFile "C:\Program Files\Apache Group\Apache2\ssl\mycert.cert"
    SSLCertificateKeyFile "C:\Program Files\Apache Group\Apache2\ssl\mykey.key"
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    # Redirect any request that did not arrive on port 443 to the https URL
    RewriteEngine on
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/(.*)$ https://blah.mysite.com/$1 [L,R]
</VirtualHost>

<VirtualHost blah.mysite.com:80>
    ServerAdmin webmaster@dummy-host.example.com
    DocumentRoot "D:/usr/dev/web/mypath"
    ServerName blah.mysite.com
    DirectoryIndex index.html
    ErrorLog logs/blah-error_log
    CustomLog logs/blah-access_log common
    # Redirect any request that did not arrive on port 443 to the https URL
    RewriteEngine on
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/(.*)$ https://blah.mysite.com/$1 [L,R]
</VirtualHost>

So this says that any request to any of these virtual hosts that ISN'T on port 443 is
then redirected using the https: scheme.
Is this an acceptable way to require SSL when JBoss is used with Apache and mod_jk?
Thanks for the help. The reason why I don't want to enable SSL in JBoss directly is
complicated. I work in a big corp environment and they don't like making changes from
regular certs to java keystores and the like.
B
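
Added example, not part of the original post: a small Python model of the two virtual hosts that evaluates the posted RewriteCond/RewriteRule pair for a given port and path, and lists any virtual host that would answer without SSL or an https redirect. The function names are hypothetical, the config is a constructed reduction of the one in the post, and only %{SERVER_PORT} conditions and the $1 back-reference are modelled.

```python
import re

# Constructed sample: the post's two vhosts, reduced to the redirect-relevant directives.
CONFIG = """
<VirtualHost blah.mysite.com:443>
SSLEngine on
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*)$ https://blah.mysite.com/$1 [L,R]
</VirtualHost>
<VirtualHost blah.mysite.com:80>
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*)$ https://blah.mysite.com/$1 [L,R]
</VirtualHost>
"""

def parse_vhosts(text):
    """Map each <VirtualHost host:port> block to its (directive, args) list."""
    blocks = re.findall(r"<VirtualHost\s+\S+:(\d+)>(.*?)</VirtualHost>", text, re.S)
    return {int(port): [tuple(l.split(None, 1)) for l in body.splitlines() if l.strip()]
            for port, body in blocks}

def cond_holds(args, port):
    """Evaluate one RewriteCond; only %{SERVER_PORT} tests are modelled."""
    test, pattern = args.split()[:2]
    if test != "%{SERVER_PORT}":
        raise ValueError("unmodelled RewriteCond test: " + test)
    return (re.search(pattern.lstrip("!"), str(port)) is not None) != pattern.startswith("!")

def redirect_for(vhosts, port, path):
    """Location the vhost on `port` redirects `path` to, or None if it serves it."""
    if ("RewriteEngine", "on") not in vhosts[port]:
        return None
    conds = []
    for name, args in vhosts[port]:
        if name == "RewriteCond":
            conds.append(args)
        elif name == "RewriteRule":
            pattern, target, flags = args.split()
            m = re.search(pattern, path)
            if m and "R" in flags.strip("[]").split(",") and all(cond_holds(c, port) for c in conds):
                return target.replace("$1", m.group(1))
            conds = []  # conditions bind only to the rule that follows them
    return None

def served_in_clear(vhosts, path="/"):
    """Ports that neither have SSLEngine on nor redirect `path` to an https URL."""
    return [p for p, d in sorted(vhosts.items()) if ("SSLEngine", "on") not in d
            and not str(redirect_for(vhosts, p, path)).startswith("https://")]
```
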