tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Serle Shuman" <se...@creator.co.za>
Subject Re: [Catalina] SSL implementation questions and comments
Date Thu, 03 Aug 2000 16:23:38 GMT
A keystore file is meant to contain many keys. The keystorefile variable
specifies the location of the keystore file but does not resolve which key
is used in the keystore. I would like to dynamically select the key
depending on the virtual host and even the alias used to access the virtual
host. I've been wading through JSSE and I can't seem to find an appropriate
call in this regard.

Serle

----- Original Message -----
From: Warner Onstine <onstine@intalio.com>
To: <tomcat-dev@jakarta.apache.org>
Sent: Thursday, August 03, 2000 5:46 PM
Subject: Re: [Catalina] SSL implementation questions and comments


> I can only speak for Tomcat but this is defined in server.xml as the
> keystoreFile variable (I believe, its been a couple of months since I
looked
> at the code, and I haven't looked at the Catalina code that was ported by
> Remy Maucherat).
>
> -warner
>
> ----- Original Message -----
> From: Serle Shuman
> To: tomcat-dev@jakarta.apache.org
> Sent: Thursday, August 03, 2000 1:04 AM
> Subject: [Catalina] SSL implementation questions and comments
>
>
> I've got SSL working, however, can someone explain where in the code jsse
is
> instructed to use the tomcat key as opposed to some other key. Would it be
> possible to choose the key based on the virtual host or virtual host alias
> name. (this would be required to pass the browser assertion that the site
> name == certificate name). This seems like a bit of a catch-22 as this
info
> seems to only be communicated after SSL setup which includes key-exchange.
>
> Also I think that the keystore should be a catalina keystore, not the
users
> default keystore. i.e. default keystore should be somwhere realative to
> tomcat home, maybe in <tomcat_home>/conf/security/tomcat.keystore.
>
> Serle
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
>


Mime
View raw message