tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jef Sullivan" <j...@ikano.com>
Subject RE: Using more than one SSL cert in keystore?
Date Fri, 05 Aug 2005 18:32:24 GMT
Can keytool be used to make a wildcard SSL Key for similar URLs?
I know it can be done using apache.



Jef Sullivan
Programmer
IKANO Communications, Inc.
 

> -----Original Message-----
> From: Paul Singleton [mailto:paul@jbgb.com] 
> Sent: Thursday, August 04, 2005 8:21 AM
> To: Tomcat Users List; justinjaynes@yahoo.com
> Subject: Re: Using more than one SSL cert in keystore?
> 
> Justin Jaynes wrote:
> 
> > ...But now I would like to put up a new site that is completely 
> > independant of the others.  It needs its own SSL cert and it needs 
> > four host names to all point to the same place and redirect to just 
> > one of the domain names so that the SSL cert will be valid, 
> regardless 
> > of how the users chose to get to my site.
> 
> An SSL cert is for a specific domain name.  If you want your 
> users to be able to make HTTPS requests to all four domains 
> without warnings from the browser, I reckon you need four 
> certificates.
> 
> But if they make non-SSL requests, and you respond with a 
> client-side redirect to your one true certificated site using 
> HTTPS, that may work OK?
> 
> > Is it possible to do Virtual Hosting using IP's on a Tomcat 
> standalone 
> > installation?
> 
> Yes, I'm doing this now with 5.5.9
> 
> You need e.g. this server.xml stuff for each host:
> 
>    Service
>      Connector (HTTP)
>      Connector (HTTPS)
>      Engine
>        Host
>          Context
> 
> You can use the default keystore for all hosts, and use the 
> (undocumented) keyAlias="myalias" Connector attribute to 
> offer the appropriate certificate for each host, e.g.
> 
>          <Connector
>            address="288.104.197.211"
>            port="8443"
>            scheme="https"
>            secure="true"
>            sslProtocol="TLS"
>            keyAlias="mrk2"
>          />
> 
> (in 5.5.9 you also need sslProtocol="TLS" explicitly, fixed 
> in later versions)
> 
> Paul Singleton
> 
> 
> --
> No virus found in this outgoing message.
> Checked by AVG Anti-Virus.
> Version: 7.0.338 / Virus Database: 267.10.0/63 - Release 
> Date: 3/Aug/2005
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message