tomcat-users mailing list archives

From Paul Singleton <p...@jbgb.com>
Subject Re: Creating Virtual Hosts
Date Mon, 08 May 2006 15:31:19 GMT
Jorge Isaac Martínez Hatch wrote:
> Genius all around the world,
> 
> Goal: Install two SSL certificates in the same server, but working for two
> different IP addresses and domains.
> 
> I have:
> - One server running Tomcat 5.5 over Windows.
> - Two IP addresses.
> - Two domains, one for each IP address.
> - Two SSL certificates one for each domain.
> - A keystore and alias for each certificate.

You can keep both/all certificates in the same keystore (e.g.
the default one) and specify them with the (still undocumented)
Connector attribute

   keyAlias="mycert1"

(I reckon one keystore is slightly easier to manage than two)

> I think I need to configure two hosts (or virtual hosts, what's the 
> difference between these?)

A "physical" host is a hardware server, which may support many
virtual hosts, either name-based (several at one IP address,
Tomcat steers requests to corresponding web apps) or address-based
(each app needs its own IP address).

Since certificates are checked *before* Tomcat gets to attempt
name-based virtual hosting, you need a dedicated IP address for
each SSL-enabled app, natch.  Unless things have changed since
5.5.9

>    <Connector port="443"  name="72.3.245.1"

No, this should be

     <Connector port="443"  address="72.3.245.1"

(there is no Connector "name" attribute that I can find)

>      <Host name="72.3.245.1" appBase="webapps"

Hmm, I'd expect name="mysecuresite.com" or similar, not an
IP address.

> It didn't work at all, I have the first certificate on the first IP 
> working. But the second certificate just doesn't work because it gets the 
> first certificate not the second, so the domains don't match.

If it gets the first cert, then it must be using the first Connector,
which I guess is because, without "address" attributes, both are using
all addresses?

Paul Singleton
> 
> Any help on this is welcome, thank you.
> 
> Isaac Martínez Hatch
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
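
The diagnosis in the reply above (two port-443 Connectors without `address` attributes both listen on every IP, so one certificate answers for both domains) can be checked mechanically. The following lint is an added example, not part of the original message or of Tomcat; the server.xml fragments are constructed, and the second IP address `192.0.2.10` and the alias `mycert2` are placeholders.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed server.xml fragments. 72.3.245.1 and mycert1 come from the thread;
# 192.0.2.10 (documentation range) and mycert2 are placeholders.
BROKEN = """<Server><Service name="Catalina">
  <Connector port="443" scheme="https" secure="true" keyAlias="mycert1"/>
  <Connector port="443" scheme="https" secure="true" keyAlias="mycert2"/>
</Service></Server>"""

FIXED = """<Server><Service name="Catalina">
  <Connector port="443" address="72.3.245.1" scheme="https" secure="true"
             keyAlias="mycert1"/>
  <Connector port="443" address="192.0.2.10" scheme="https" secure="true"
             keyAlias="mycert2"/>
</Service></Server>"""


def lint_ssl_connectors(server_xml):
    """Return findings for HTTPS Connectors that share a port ambiguously."""
    by_port = defaultdict(list)
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("scheme", "http").lower() == "https":
            by_port[conn.get("port")].append(conn)

    findings = []
    for port, conns in by_port.items():
        if len(conns) < 2:
            continue  # a single HTTPS Connector on a port cannot collide
        seen_addr, seen_alias = set(), set()
        for conn in conns:
            addr, alias = conn.get("address"), conn.get("keyAlias")
            if addr is None:
                # No address attribute: the Connector listens on every IP.
                findings.append(f"port {port}: keyAlias={alias} binds all addresses")
            elif addr in seen_addr:
                findings.append(f"port {port}: address {addr} is bound twice")
            if alias is None:
                findings.append(f"port {port}: address={addr} has no keyAlias")
            elif alias in seen_alias:
                findings.append(f"port {port}: keyAlias={alias} is reused")
            seen_addr.add(addr)
            seen_alias.add(alias)
    return findings


if __name__ == "__main__":
    for name, xml in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, lint_ssl_connectors(xml) or "OK")
```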
