tomcat-users mailing list archives

From Peter Crowther <Peter.Crowt...@melandra.com>
Subject RE: Tomcat SSL for multiple domains
Date Thu, 07 Feb 2008 15:41:37 GMT
> From: Dave [mailto:javaone9@yahoo.com]
> the
> machine has one IP address. But there are two top-level
> domains (not subdomains) mapping to the IP address.
>
>   www.domain1.com
>   www.domain2.com
>
>   I need to set up SSL. As far as I know, an SSL certificate is
> set up for one domain only. Using the different domains will
> get a security warning from the web browser (domain name does not match).
>
> Can an SSL certificate be IP address based? Or does Tomcat support
> SSL for multiple domains (preventing warnings from the browser)?

Tomcat can support multiple SSL domains.  *But* there is a fundamental point about SSL: the
secure connection is negotiated before the HTTP host header is sent.  That means that _no
web server, of any kind, can successfully host SSL for multiple domains on the same port on
the same IP address_.

You have two possible workarounds:

- Get a second IP address assigned to the machine.  This is often easier than it sounds. 
Map one domain to each IP address, and bind each of your two SSL connectors to one IP.  At
this point, everything Just Works for the user.

- Run SSL for one domain on port 443, and for the other domain on a different port - say 8443.
This gives a slightly messy user experience, as you have https://www.domain1.com but https://www.domain2.com:8443.

This is a limitation of SSL; it is not Tomcat-specific.

                - Peter

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
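
The first workaround in the reply above (one IP address per domain, one SSL connector bound to each), sketched as a `server.xml` fragment. This is an added example, not part of the original message; it assumes Tomcat 6 with the JSSE connector, and the IP addresses (documentation range), keystore paths, passwords and `appBase` directories are placeholders.

```xml
<!-- Fragment of conf/server.xml, inside <Service name="Catalina"> -->

<!-- www.domain1.com resolves to 192.0.2.10 (placeholder address).
     The connector is bound to that address only, so every handshake
     arriving on it is answered with the domain1 certificate. -->
<Connector port="443" address="192.0.2.10"
           protocol="HTTP/1.1" SSLEnabled="true"
           scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="conf/domain1.keystore"
           keystorePass="PLACEHOLDER_PASSWORD_1" />

<!-- www.domain2.com resolves to 192.0.2.11 (placeholder address).
     Same port, different address, different keystore. -->
<Connector port="443" address="192.0.2.11"
           protocol="HTTP/1.1" SSLEnabled="true"
           scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="conf/domain2.keystore"
           keystorePass="PLACEHOLDER_PASSWORD_2" />

<!-- Once the secure connection is established, the Host header
     selects the virtual host as usual. -->
<Engine name="Catalina" defaultHost="www.domain1.com">
  <Host name="www.domain1.com" appBase="webapps-domain1"
        unpackWARs="true" autoDeploy="false" />
  <Host name="www.domain2.com" appBase="webapps-domain2"
        unpackWARs="true" autoDeploy="false" />
</Engine>
```

For the second workaround, drop the `address` attributes and change the second connector's `port` to 8443. Keep the keystore files readable only by the account Tomcat runs as, since `keystorePass` sits in clear text in `server.xml`.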

