tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Singleton <p...@jbgb.com>
Subject Re: Using more than one SSL cert in keystore?
Date Tue, 09 Aug 2005 13:47:21 GMT
Justin Jaynes wrote:

> Thanks.  I am doing as you have instructed.  I hope to
> set up client-side redirects.  Can you please tell me
> how?  Does it require javascript, or just HTML?  Where
> can I learn about client side re-directs?

Try Google (Web and Groups)

You can do it like this (relies on JavaScript):

<html>
	<head>
		<title>redirection page</title>
	</head>
	<body onLoad="window.location.replace('http://me.com/myapp')">
	</body>
<html>

and I think you can also do it with an HTTP header
but I don't have details to hand...

Paul S.

> Justin Jaynes
> 
> --- Paul Singleton <paul@jbgb.com> wrote:
> 
> 
>>Justin Jaynes wrote:
>>
>>
>>>...But now I would like to put up a new
>>>site that is completely independant of the others.
>>
>> It
>>
>>>needs its own SSL cert and it needs four host
>>
>>names to
>>
>>>all point to the same place and redirect to just
>>
>>one
>>
>>>of the domain names so that the SSL cert will be
>>>valid, regardless of how the users chose to get to
>>
>>my
>>
>>>site.
>>
>>An SSL cert is for a specific domain name.  If you
>>want
>>your users to be able to make HTTPS requests to all
>>four
>>domains without warnings from the browser, I reckon
>>you
>>need four certificates.
>>
>>But if they make non-SSL requests, and you respond
>>with
>>a client-side redirect to your one true certificated
>>site using HTTPS, that may work OK?
>>
>>
>>>Is it possible to do Virtual Hosting using IP's on
>>
>>a
>>
>>>Tomcat standalone installation?
>>
>>Yes, I'm doing this now with 5.5.9
>>
>>You need e.g. this server.xml stuff for each host:
>>
>>   Service
>>     Connector (HTTP)
>>     Connector (HTTPS)
>>     Engine
>>       Host
>>         Context
>>
>>You can use the default keystore for all hosts, and
>>use the (undocumented) keyAlias="myalias" Connector
>>attribute
>>to offer the appropriate certificate for each host,
>>e.g.
>>
>>         <Connector
>>           address="288.104.197.211"
>>           port="8443"
>>           scheme="https"
>>           secure="true"
>>           sslProtocol="TLS"
>>           keyAlias="mrk2"
>>         />
>>
>>(in 5.5.9 you also need sslProtocol="TLS"
>>explicitly,
>>fixed in later versions)
>>
>>Paul Singleton
>>
>>
>>-- 
>>No virus found in this outgoing message.
>>Checked by AVG Anti-Virus.
>>Version: 7.0.338 / Virus Database: 267.10.0/63 -
>>Release Date: 3/Aug/2005
>>
>>
>>
> 
> ---------------------------------------------------------------------
> 
>>To unsubscribe, e-mail:
>>tomcat-user-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail:
>>tomcat-user-help@jakarta.apache.org
>>
>>
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> 



-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.338 / Virus Database: 267.10.3/66 - Release Date: 8/Aug/2005


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message