tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Betteridge <n.betteri...@syntactics.com>
Subject Re: jakarta - virtual hosts and https
Date Fri, 08 Sep 2000 16:55:15 GMT

> 
> Nick Betteridge wrote:
> 
> > Craig,
> >
> > I'm busy going through catalinas code with a view to implementing https
> > / virtual hosts, and then it suddenly struck me that I had better find
> > out if somebody is already doing this!
> >
> > My end goal would simply be to have certificate names in the server or
> > virtualhost in the server.xml, which would be got from either keystore
> > or jndi/ldap.
> >
> > If nobody is doing this then I'll do it locally here and forward the
> > results for review.
> >
> > Regards
> > Nick Betteridge
> 
> It's interesting that you should mention this ... it is part of what I
> started working on last night!  I would very definitely like to
> collaborate
> on getting this right.  (I need to have SSL authentication and
> certificates
> support available in Tomcat 4.0 because the J2EE RI is going to need
> it).
> 
> Are you planning to have a separate keystore per virtual host?  The
> current
> model of a connector does not support that very well, because the
> existence
> of the keystore is currently hidden down inside the socket factory (in
> other words, it's a per-connectot thing).
> 
> The current way to have per-virtual-host keystores would be to create a
> connector per virtual host, but this is only practical on a
> multi-IP-address server, and doesn't scale to named virtual hosts.
> 
> How about if we discuss the goals to be solved, and possible design
> solutions, on TOMCAT-DEV and then collaborate on getting Tomcat 4.0
> right?
> 

Fine by me to discuss it on TOMCAT-DEV.

Yes, my initial thoughts were to have a keystore per virtual host but I
didn't realise that it requires a multi-IP-address.

Posting this to tomcat-dev@jakarta.apache.org to kick it off

Nick

Mime
View raw message