tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <wbar...@wilshire.com>
Subject Re: 5.5.9's choice of certificate from keystore
Date Sun, 05 Jun 2005 21:39:39 GMT

"Paul Singleton" <paul@jbgb.com> wrote in message 
news:42A36CF3.9060002@jbgb.com...
>I believe that a keystore can legitimately contain
> many certificates, whether root- or self-signed.
>
> How does (and should) Tomcat 5.5.9 choose which of
> many such certificates to offer when a client makes
> an HTTPS request?
>
It will use the one with the 'tomcat' alias by default.


> Is there any way of hinting or telling it which to
> use (to help me implement multi-IP-address-based
> virtual root-certified HTTPS hosts)?
>
You can specify the attribute keyAlias="myCertAlias" on the <Connector> 
element to tell Tomcat which cert to use.

> (Empirically, it seems to pick an arbitrary root
> certificate if it can find one, else an arbitrary
> self-signed one...)
>
> Paul Singleton
>
>
> -- 
> No virus found in this outgoing message.
> Checked by AVG Anti-Virus.
> Version: 7.0.323 / Virus Database: 267.6.2 - Release Date: 4/Jun/2005 




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message