tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GOMEZ Henri <hgo...@slib.fr>
Subject RE: [TC4] multiple certificates
Date Wed, 22 Nov 2000 10:03:56 GMT
Apache (with mod_ssl) use VirtualHost directive :

Basically you give a certificate to a server, a server is 
an IP adress and a listen port number.

Tomcat will handle Virtual Host and the SSL certificate support
must be there.

One virtual host, one certificate.

You could also add different listen port :

        <Connector className="org.apache.tomcat.service.PoolTcpConnector">
            <Parameter name="handler"
 
value="org.apache.tomcat.service.http.HttpConnectionHandler"/>
             <Parameter name="port" 
                 value="8443"/>
 			<Parameter name="keystore"
 				value="/var/tomcat/conf/keystore"/>
 			<Parameter name="keypass"
 				value="changeit"/>
 			<Parameter name="clientAuth"
 				value="false"/>
             <Parameter name="socketFactory" 
                 value="org.apache.tomcat.net.SSLSocketFactory" />
         </Connector>

        <Connector className="org.apache.tomcat.service.PoolTcpConnector">
            <Parameter name="handler"
 
value="org.apache.tomcat.service.http.HttpConnectionHandler"/>
             <Parameter name="port" 
                 value="8444"/>
 			<Parameter name="keystore2"
 				value="/var/tomcat/conf/keystore"/>
 			<Parameter name="keypass"
 				value="changeit"/>
 			<Parameter name="clientAuth"
 				value="false"/>
             <Parameter name="socketFactory" 
                 value="org.apache.tomcat.net.SSLSocketFactory" />
         </Connector>


Alternate question. I didn't see in the code TC3 where the 
multiple alias present in a keystore are used.
Could be nice to have all server certificate in the same keystore
and have access to them via another parameter :

	<Parameter name="alias" 
		value="tomcat1"/>
 

>-----Original Message-----
>From: Warner Onstine [mailto:warner@warneronstine.com]
>Sent: Wednesday, November 22, 2000 6:37 AM
>To: tomcat-dev@jakarta.apache.org
>Subject: Re: [TC4] multiple certificates
>
>
>
>----- Original Message -----
>From: "Craig R. McClanahan" <Craig.McClanahan@eng.sun.com>
>To: <tomcat-dev@jakarta.apache.org>
>Sent: Tuesday, November 21, 2000 7:43 PM
>Subject: Re: [TC4] multiple certificates
>
>
>> Warner Onstine wrote:
>>
>> > Hi all,
>> > It's been a while since I looked at the SSL stuff and I 
>just received a
>> > request which I'm not sure how it would be handled in TC4. 
> Would it be
>> > possible to handle multiple certificates for SSL per 
>servlet?  If this
>needs
>> > further clarification let me know.
>> >
>>
>> I guess I don't quite get what you are after.
>>
>> Are you talking about a certificate chain that authenticates 
>an individual
>> user?  If so, that is already supported -- the request 
>attribute that you
>get is
>> an array of certificate objects, with the first one being 
>the certificate
>of the
>> client principal, and the subsequent ones being the 
>certificates of the
>> certificate authorities vouching for the previous certificate in the
>chain.
>
>Sure, what we're working with is possibly using different server
>certificates for different servlets, is this at all possible? 
>From what I
>can tell right now, no.
>
>Basically what I see right now is if we turn on ssl support it uses the
>certificate that you specify for each connection from the
>SSLServerSocketFactory.  The only way I can see doing this is 
>to specify a
>different port for different certificates, correct?
>
>> If that's not what you are after, could you please explain further?
>>
>>
>> Craig
>
>Thanks,
>-warner
>

Mime
View raw message