tomcat-users mailing list archives

From Christopher Schultz
Subject Re: [HTTPS] more web app each one with a proper certificate
Date Mon, 26 Nov 2007 19:03:49 GMT

Raffaele wrote:
> Inside server.xml, I have uncommented the XML fragment about HTTPS, but I
> have noticed, while studying the documentation a little, that through the keyAlias
> attribute I can specify a specific alias to be used as the valid certificate.
> My question is: how should I configure server.xml (or other things) to use
> different certificates with different web apps?

Typically, certificates are bound to domain names, not web applications.
Are you saying that you want to have multiple virtual hosts, each with
separate certificates?

I don't believe that's possible, not even with any other server. The
problem is that the client contacts a particular port (usually 443 for
HTTPS) and is immediately presented with the server's certificate
(before any other information is transmitted). Since virtual hosting
works by having the server sniff the client's "Host" HTTP header,
there's no time to read that header before the certificate needs to be
presented to the client.

Basically, if you want more than one cert, you need more than one port
listening for HTTPS requests, each with the appropriate cert configured
for each. The same is true for Apache, IIS, etc. -- it's an issue with
the protocol, not the implementation.

-chris
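
The one-certificate-per-port layout described in the reply above, as a server.xml fragment. This is an added example, not part of the original message; the port numbers, keystore path, password placeholder and alias names are assumptions, and the attributes are those of Tomcat's JSSE HTTPS connector.

```xml
<!-- Added example: fragment of conf/server.xml, placed inside the <Service> element. -->
<!-- Assumptions: ports 8443 and 8444, the keystore path, the password
     placeholder and the aliases "site-a" / "site-b" are illustrative only. -->

<!-- HTTPS connector 1: presents the certificate stored under alias "site-a" -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/path/to/example.keystore"
           keystorePass="CHANGE_ME"
           keyAlias="site-a" />

<!-- HTTPS connector 2: same keystore, different port, presents the
     certificate stored under alias "site-b" -->
<Connector port="8444" protocol="HTTP/1.1" SSLEnabled="true"
           scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/path/to/example.keystore"
           keystorePass="CHANGE_ME"
           keyAlias="site-b" />
```

Each `keyAlias` value has to match an entry reported by `keytool -list -keystore /path/to/example.keystore`, and the keystore file should be readable only by the account that runs Tomcat.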


