tomcat-dev mailing list archives

From "Aaron Knauf" <Aar...@geniesystems.com>
Subject Re: [TC4] multiple certificates
Date Wed, 22 Nov 2000 07:11:35 GMT
I believe that the different port idea is correct (for any web server -
not just Tomcat).

Another point to consider is that if Tomcat is used in conjunction with a
web server (such as Apache or IIS), the web server does all of the SSL
stuff for the communication with the browser, so you are stuck with web
server limitations that are out of Tomcat's control.



--------------------------------------------------------------------------------
Aaron Knauf
Systems Integrator
Genie Systems Ltd
Auckland, New Zealand
Ph. +64-9-573 3310 x812
email: aaronk@geniesystems.com
http://www.geniesystems.com
--------------------------------------------------------------------------------




"Warner Onstine" <warner@warneronstine.com>
22/11/2000 18:36
Please respond to tomcat-dev

 
        To:     <tomcat-dev@jakarta.apache.org>
        cc: 
        Subject:        Re: [TC4] multiple certificates



----- Original Message -----
From: "Craig R. McClanahan" <Craig.McClanahan@eng.sun.com>
To: <tomcat-dev@jakarta.apache.org>
Sent: Tuesday, November 21, 2000 7:43 PM
Subject: Re: [TC4] multiple certificates


> Warner Onstine wrote:
>
> > Hi all,
> > It's been a while since I looked at the SSL stuff and I just received a
> > request which I'm not sure how it would be handled in TC4.  Would it be
> > possible to handle multiple certificates for SSL per servlet?  If this
> > needs further clarification let me know.
> >
>
> I guess I don't quite get what you are after.
>
> Are you talking about a certificate chain that authenticates an individual
> user?  If so, that is already supported -- the request attribute that you
> get is an array of certificate objects, with the first one being the
> certificate of the client principal, and the subsequent ones being the
> certificates of the certificate authorities vouching for the previous
> certificate in the chain.

Sure, what we're working with is possibly using different server
certificates for different servlets, is this at all possible? From what I
can tell right now, no.

Basically what I see right now is if we turn on ssl support it uses the
certificate that you specify for each connection from the
SSLServerSocketFactory.  The only way I can see doing this is to specify a
different port for different certificates, correct?

> If that's not what you are after, could you please explain further?
>
>
> Craig

Thanks,
-warner


