tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: [HTTPS] more web app each one with a proper certificate
Date Mon, 26 Nov 2007 19:03:49 GMT

Raffaele,

Raffaele wrote:
> Inside server.xml, I have uncommented the XML fragment about HTTPS, but I
> have noticed, while studying the documentation a little, that through the
> keyAlias attribute I can specify a specific alias to be used as the valid
> certificate.
>
> My question is: how should I configure server.xml (or other things) to use
> different certificates with different web apps?

Typically, certificates are bound to domain names, not web applications.
Are you saying that you want to have multiple virtual hosts, each with
separate certificates?

I don't believe that's possible, not even with any other server. The
problem is that the client contacts a particular port (usually 443 for
HTTPS) and is immediately presented with the server's certificate
(before any other information is transmitted). Since virtual hosting
works by having the server sniff the client's "Host" HTTP header,
there's no time to read that header before the certificate needs to be
presented to the client.

Basically, if you want more than one cert, you need more than one port
listening for HTTPS requests, each with the appropriate cert configured
for each. The same is true for Apache, IIS, etc. -- it's an issue with
the protocol, not the implementation.

Sorry,
-chris

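The one-port-per-certificate setup described in the message above, as an added example that is not part of the original post: a server.xml fragment with two HTTPS connectors that read the same keystore but select different entries through keyAlias. It assumes Tomcat 6-style JSSE connector attributes; the ports, keystore path, password and alias names are placeholders.

```xml
<!-- Added example: fragment of conf/server.xml, placed inside the <Service> element.
     Ports, keystore path, password and alias names are placeholders. -->

<!-- Connector 1: clients connecting to port 8443 are shown the
     certificate stored in the keystore under alias "site-a". -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="${catalina.base}/conf/keystore.jks"
           keystorePass="PLACEHOLDER-PASSWORD"
           keyAlias="site-a" />

<!-- Connector 2: same keystore, different port, different alias.
     The certificate is fixed per listening socket, before any
     HTTP request (and therefore any Host header) has been read. -->
<Connector port="8444" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="${catalina.base}/conf/keystore.jks"
           keystorePass="PLACEHOLDER-PASSWORD"
           keyAlias="site-b" />
```

Both connectors feed the same Engine, so every host and web application in the Service is reachable on either port; the port the client connects to decides which certificate it is shown, not the web application it requests.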
