I have a web service hosted on Tomcat that is behind IIS 6.0. I use Tomcat Connector to connect Tomcat to IIS.
My web service opens an SSL connection to another server:
- Is the SSL connection made from Tomcat, or from IIS, and which SSL keystore (Windows vs. Tomcat) is used?
- Is it possible to see the outbound SSL connection in a log file?
If you mean in your Java code you're opening an SSL connection, then it's made from tomcat and uses tomcat's keystore.
Only if you log it. I recommend logging every hit to an external dependency in an app.