Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm
Delivered-To: mailing list tomcat-dev@jakarta.apache.org
Message-ID: <02ce01bffd21$81c01320$cb00000a@CREATORNET>
From: "Serle Shuman"
Subject: [Catalina] SSL implementation questions and comments
Date: Thu, 3 Aug 2000 10:04:54 +0200
Organization: Creator Solutions

I've got SSL working; however, can someone explain where in the code JSSE is instructed to use the tomcat key as opposed to some other key? Would it be possible to choose the key based on the virtual host or virtual host alias name? (This would be required to pass the browser assertion that the site name == certificate name.) This seems like a bit of a catch-22, as this info seems to only be communicated after SSL setup, which includes key-exchange.

Also, I think that the keystore should be a catalina keystore, not the user's default keystore, i.e. the default keystore should be somewhere relative to tomcat home, maybe in <tomcat_home>/conf/security/tomcat.keystore.

Serle