Tomcat 6 SSL, Servlets, and Unencrypted Information

I have Tomcat 6 properly configured to use SSL.

conf/server.xml - HTTPS protocol included 开发者_如何学运维to use SSL and port 8003. HTTP protocol configured to redirect to 8003.

webapps/ROOT/WEB-INF/web.xml - transport is confidential for all "/" resources webapps/theme/WEB-INF/web.xml - same as above

When loading ROOT's landing page, I get the warning about "unencrypted information" being included in the page. Firefox dispalys the secure lock with an exclamation point in the bottom right-hand corner. When I refresh the page, the warning goes away and the exclamation point goes away. When clicking on the lock it states that the "connection is encrypted" at the bottom of the window.

ROOT is made up of a number of servlets/struts. Theme is literally just CSS, images, etc.

I have firebug enabled and looking at the Net tab, all resources are pulled in using HTTPS and the proper port. So I'm at a loss there. I've tried a number of different configuration changes with no luck.

Any advice on how to continue to troubleshoot or advice would be greatly appreciated.

-Warren

Is the initial request http://www.y.com/ or https://www.y.com/? It might be complaining about the fact that the redirect was received over HTTP, even though there was no body in that response.

I checked this out with IE and I couldn't reproduce. It led me down the path of investigating Firefox specicially. I found a few bugs related to this issue: https://bugzilla.mozilla.org/show_bug.cgi?id=506008 https://bugzilla.mozilla.org/show_bug.cgi?id=550691

While it doesn't solve my problem, I believe I found the root.