tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Donie Kelly <donie.ke...@tecnomen.ie>
Subject RE: Multiple SSL Certificates
Date Mon, 10 Feb 2003 18:41:15 GMT
This problem has been discussed here before so search the archives. Short
answer is that Tomcat cannot support two SSL certificates on the same port
so while tomcat supports virtual hosting, it cannot work with SSL. This is
not a limitation of Tomcat but a limitation of the SSL protocol which must
encrypt the link before passing any data to tomcat that could allow it to
decide which certificate to use.

Easy solution is to run two tomcat instances (two jvm's) and maybe use a
load balancer that does port translation. There are other ways but if you
search the archives you see what I mean.

Donie


-----Original Message-----
From: Driscoll, Jerry [mailto:jdriscoll@chesapeake.edu]
Sent: 10 February 2003 18:38
To: tomcat-user@jakarta.apache.org
Subject: Multiple SSL Certificates

I am running Tomcat 4.1 as a standalone server with two separate IP
addresses (one for internet and the other for intranet access), both
pointing to the same application.  I ordered two certificates from Verisign
(who stated I needed two) and installed both in Tomcat using the keystore
utility. However, only one certificate is recognized. The internet
certificate with name test1.internet.app is recognized, but the other
certificate with name test2.intranet.app is not. Depending on which one I
install first, that is the one that is recognized. So I called Verisign
(they do not support Tomcat) and they stated that I need to get Tomcat to
support multiple certificates. If I only need one, how do I get Tomcat to
recognize both IP addresses or both names?  Do I just define a virtual host
for each IP address (or domain name) that it serves in the server.xml file?

Jerry L. Driscoll
WEB Implementation Manager
Chesapeake College
P.O. Box 8
Wye Mills, MD  21679
Phone: 410-827-585


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message