I just checked in a third (but commented) Tomcat <Connector>. It can be uncommented
by users if they need this capability.
The comments in server.xml tell you when you might want to do this:
<!-- Provides a secure but un-authenticated https connector for browsers to use.
Uncomment this connector if all of the following are true:
1) the server-to-agent communications is secured via the sslservlet transport
2) the server-to-agent communications always require agents to authenticate
themselves with certificates
3) you want to allow users' browsers to access the GUI via the https:
protocol
4) you do not want to force users' browsers to authenticate themselves with
certificates
-->
Just to be clear, by default, this connector doesn't exist and its port isn't open
- out of box this connector will be commented out. You have to explicitly turn it on by
uncommenting it if you want it.
(BTW: I did test this scenario and it works - you can have two secure connectors where one
requires cert auth and the other doesn't)
----- Original Message -----
From: "Heiko W.Rupp" <hwr(a)redhat.com>
To: "jopr-dev" <jopr-dev(a)lists.jboss.org>
Sent: Thursday, February 26, 2009 9:32:10 AM GMT -05:00 US/Canada Eastern
Subject: Re: [jopr-dev] tomcat and agent security
On 25.02.2009 at 21:46, John Mazzitelli wrote:
> I think this is a use-case where users are gonna want to use the
> sslsocket transport so agents can talk to a separate JBoss/Remoting
> port in the server that can perform SSL certificate checking but it
> leaves Tomcat alone so GUI users are not burdened with needing SSL
> certificate in their browsers.
Would an alternative be to have 2 connectors with ssl enabled - one for
the agent and the other for the clients?
Or does tomcat have a restriction to 1 connector with ssl?
Heiko
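Added example, not part of the original thread or the project's code: a small audit of a server.xml that reports which active TLS connectors can be reached without a client certificate, before and after the commented connector is enabled. The sample XML, its ports and the function names are constructed for illustration; SSLEnabled and clientAuth are standard Tomcat Connector attributes.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not the project's server.xml; ports are placeholders.
SAMPLE = """<Server>
  <Service name="example">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="true"/>
    <!--
    <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false"/>
    -->
  </Service>
</Server>"""

def tls_connectors(server_xml):
    """Return {port: clientAuth mode} for every active TLS connector.

    The default parser drops XML comments, which matches Tomcat's behaviour:
    a commented-out connector opens no port.
    """
    root = ET.fromstring(server_xml)
    found = {}
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        # Tomcat treats a missing clientAuth attribute as "false".
        found[int(conn.get("port"))] = conn.get("clientAuth", "false").lower()
    return found

def ports_without_client_cert(server_xml):
    """TLS ports that accept a client presenting no certificate.

    "want" only requests a certificate, so it is reported as well.
    """
    modes = tls_connectors(server_xml)
    return sorted(port for port, mode in modes.items() if mode != "true")

def uncomment(server_xml):
    """Simulate an admin enabling the commented connector (demo helper)."""
    return server_xml.replace("<!--", "").replace("-->", "")

if __name__ == "__main__":
    for label, text in (("default", SAMPLE), ("uncommented", uncomment(SAMPLE))):
        print(label, tls_connectors(text), ports_without_client_cert(text))
```

Any port this reports should be one that only browsers use; the agent endpoint belongs on a connector whose mode is "true", per conditions 1 and 2 in the server.xml comment.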