Can keytool be used to make a wildcard SSL Key for similar URLs? I know it can be done using apache. Jef Sullivan Programmer IKANO Communications, Inc. > -----Original Message----- > From: Paul Singleton [mailto:paul@jbgb.com] > Sent: Thursday, August 04, 2005 8:21 AM > To: Tomcat Users List; justinjaynes@yahoo.com > Subject: Re: Using more than one SSL cert in keystore? > > Justin Jaynes wrote: > > > ...But now I would like to put up a new site that is completely > > independant of the others. It needs its own SSL cert and it needs > > four host names to all point to the same place and redirect to just > > one of the domain names so that the SSL cert will be valid, > regardless > > of how the users chose to get to my site. > > An SSL cert is for a specific domain name. If you want your > users to be able to make HTTPS requests to all four domains > without warnings from the browser, I reckon you need four > certificates. > > But if they make non-SSL requests, and you respond with a > client-side redirect to your one true certificated site using > HTTPS, that may work OK? > > > Is it possible to do Virtual Hosting using IP's on a Tomcat > standalone > > installation? > > Yes, I'm doing this now with 5.5.9 > > You need e.g. this server.xml stuff for each host: > > Service > Connector (HTTP) > Connector (HTTPS) > Engine > Host > Context > > You can use the default keystore for all hosts, and use the > (undocumented) keyAlias="myalias" Connector attribute to > offer the appropriate certificate for each host, e.g. > > address="288.104.197.211" > port="8443" > scheme="https" > secure="true" > sslProtocol="TLS" > keyAlias="mrk2" > /> > > (in 5.5.9 you also need sslProtocol="TLS" explicitly, fixed > in later versions) > > Paul Singleton > > > -- > No virus found in this outgoing message. > Checked by AVG Anti-Virus. > Version: 7.0.338 / Virus Database: 267.10.0/63 - Release > Date: 3/Aug/2005 > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org For additional commands, e-mail: tomcat-user-help@jakarta.apache.org