tomcat-users mailing list archives

From Paul Singleton <p...@jbgb.com>
Subject Re: Using more than one SSL cert in keystore?
Date Thu, 04 Aug 2005 14:20:52 GMT
Justin Jaynes wrote:

> ...But now I would like to put up a new
> site that is completely independent of the others.  It
> needs its own SSL cert and it needs four host names to
> all point to the same place and redirect to just one
> of the domain names so that the SSL cert will be
> valid, regardless of how the users chose to get to my
> site.

An SSL cert is for a specific domain name.  If you want
your users to be able to make HTTPS requests to all four
domains without warnings from the browser, I reckon you
need four certificates.

But if they make non-SSL requests, and you respond with
a client-side redirect to your one true certificated
site using HTTPS, that may work OK?

> Is it possible to do Virtual Hosting using IP's on a
> Tomcat standalone installation?

Yes, I'm doing this now with 5.5.9

You need e.g. this server.xml stuff for each host:

   Service
     Connector (HTTP)
     Connector (HTTPS)
     Engine
       Host
         Context

You can use the default keystore for all hosts, and
use the (undocumented) keyAlias="myalias" Connector attribute
to offer the appropriate certificate for each host, e.g.

         <Connector
           address="288.104.197.211"
           port="8443"
           scheme="https"
           secure="true"
           sslProtocol="TLS"
           keyAlias="mrk2"
         />

(in 5.5.9 you also need sslProtocol="TLS" explicitly,
fixed in later versions)

Paul Singleton
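
The per-host layout described in the message above, written out for two sites as an added example (not part of the original post and not taken from the Tomcat distribution). The addresses, host names, alias names and appBase directories are constructed, and the default keystore is assumed to hold one key entry under each alias.

```xml
<!-- Fragment of conf/server.xml (goes inside <Server>), Tomcat 5.5 syntax. -->
<!-- Constructed values: 192.0.2.x addresses, *.example host names,
     the aliases "site-a"/"site-b", and the webapps-* directories. -->

<!-- Site A: bound to its own IP, presents the key stored under alias "site-a" -->
<Service name="SiteA">
  <!-- Plain HTTP; redirectPort is where Tomcat sends requests that
       a webapp's security constraint requires to be confidential -->
  <Connector address="192.0.2.10" port="8080" redirectPort="8443" />
  <!-- HTTPS; no keystoreFile attribute, so the default keystore is used -->
  <Connector address="192.0.2.10" port="8443"
             scheme="https" secure="true" sslProtocol="TLS"
             keyAlias="site-a" />
  <Engine name="SiteA" defaultHost="www.site-a.example">
    <Host name="www.site-a.example" appBase="webapps-site-a">
      <Context path="" docBase="ROOT" />
    </Host>
  </Engine>
</Service>

<!-- Site B: different IP, same keystore, different alias -->
<Service name="SiteB">
  <Connector address="192.0.2.11" port="8080" redirectPort="8443" />
  <Connector address="192.0.2.11" port="8443"
             scheme="https" secure="true" sslProtocol="TLS"
             keyAlias="site-b" />
  <Engine name="SiteB" defaultHost="www.site-b.example">
    <Host name="www.site-b.example" appBase="webapps-site-b">
      <Context path="" docBase="ROOT" />
    </Host>
  </Engine>
</Service>
```

If keyAlias is left off an HTTPS Connector, Tomcat uses the first key it reads from the keystore, so a connector sharing the keystore can end up presenting another site's certificate. Running `keytool -list` against the keystore shows which aliases it actually contains.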

