tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Singleton <>
Subject Re: Creating Virtual Hosts
Date Mon, 08 May 2006 15:31:19 GMT
Jorge Isaac Martínez Hatch wrote:
> Genius all around the world,
> Goal: Intall two SSL certificates in the same server, but working for two
> different IP addresses and domains.
> I have:
> - One server running Tomcat 5.5 over Windows.
> - Two IP addresses.
> - Two domains, one for each IP address.
> - Two SSL certificates one for each domain.
> - A keystore and alias for each certificate.

You can keep both/all certificates in the same keystore (e.g.
the default one) and specify them with the (still undocumented)
Connector attribute


(I reckon one keystore is slightly easier to manage than two)

> I think I need to configure two hosts (or virtual hosts, what's the 
> difference between these?)

A "physical" host is a hardware server, which may support many
virtual hosts, either name-based (several at one IP address,
Tomcat steers requests to corresponding web apps) or address-based
(each app needs its own IP address).

Since certificates are checked *before* Tomcat gets to attempt
name-based virtual hosting, you need a dedicated IP address for
each SSL-enabled app, natch.  Unless things have changed since

>    <Connector port="443"  name=""

No this should be

     <Connector port="443"  address=""

(there is no Connector "name" attribute that I can find)

>      <Host name="" appBase="webapps"

Hmm, I'd expect name="" or similar, not an
IP address.

> It didn't work at all, I have the first certificate on the first IP 
> working. But the second certificate just don't work because it gets the 
> first certificate not the second, so the domains don't match.

If it gets the first cert, then it must be using the first Connector,
which I guess is because, without "address" attributes, both are using
all addresses?

Paul Singleton
> Any help on this is welcome, thank you.
> Isaac Martínez Hatch
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message