Hello Jan,
The misconfiguration with the workernames are a copy+paste error.
I have already done something in similar effect. I configured the apache with ssl, put the certificate, and then forwarded that to a worker that connects to glassfish to a non-secure mod_jk listener.
But now the apache is doing all the ssl work?
I also could not identifiy the cons/pros of letting apache do the ssl or doing it with glassfish.
Also I noticed that secureCookie="true" causes everytime you refresh the page you get a new jsession_id. switching from http to https will protect the cookie, but not the otherway around. But when set to false, it will work. (https->http, http->https) I guess thats not the most securest way, but...
Best Regards
[Message sent by forum member 'cambazz' (cambazz_at_gmail.com)]
http://forums.java.net/jive/thread.jspa?messageID=389035