cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jose MarĂ­a Zaragoza <demablo...@gmail.com>
Subject Re: How CXF SOAP server can present a different certificate to different clients?
Date Tue, 20 Dec 2016 19:41:44 GMT
2016-12-20 17:09 GMT+01:00 Gregory Orciuch <g.orciuch@gmail.com>:
> Hi,
>
> we have been solving this kind of issues placing a SSL terminating
> load-balancer before CXF instances;
> Also we considered in-app SSL certficates as not good idea because of
> managing troubles and revocation troubles, and validity checking troubles;
>
> Cheers,
> Gregory
>
> 2016-12-20 16:56 GMT+01:00 dkundo <dkundo@yahoo.com>:
>
>> Hi,
>> my server is listening on multiple IP addresses, and according to the IP
>> client has opened a connection to, a different server certificate should be
>> presented (it's a multi-tenant application where each tenant connects to
>> its
>> own IP address).
>> If I understand correctly I need to implement my own KeyManager, holding
>> multiple certificates and choosing the right one based on the connections'
>> destination IP, but I'd appreciate a confirmation that this is the right
>> thing to do, and also get some code examples / instructions.
>>

I'd use a server with SNI support + virtual hosts
I think Tomcat 8+ do it

Or you could use a frontend with SNI support,  like HAProxy , and to
terminate SSL connection here ( like the latter answer )

>> it's a stand-alone application.
>> Using CXF 3.1.0
>> The CXF configuration is done with Spring.
>>
>> Thanks you
>>
>>
>>
>>
>>
>>
>> --
>> View this message in context: http://cxf.547215.n5.nabble.
>> com/How-CXF-SOAP-server-can-present-a-different-certificate-to-different-
>> clients-tp5775940.html
>> Sent from the cxf-user mailing list archive at Nabble.com.
>>

Mime
View raw message