tomcat-users mailing list archives

From Peter Crowther
Subject RE: Tomcat SSL for multiple domains
Date Thu, 07 Feb 2008 15:41:37 GMT
> From: Dave
> the
> machine has one IP address. But there are two top-level
> domains (not subdomains) mapping to the ip address.
>   I need to set up SSL. As far as I know, an SSL certificate is
> set up for one domain only. Using the different domains will
> get a security warning from the web browser (domain name does not match).
> Can an SSL certificate be IP address based? Or does Tomcat support
> SSL for multiple domains (to prevent warnings from the browser)?

Tomcat can support multiple SSL domains.  *But* there is a fundamental point about SSL: the
secure connection is negotiated before the HTTP host header is sent.  That means that _no
web server, of any kind, can successfully host SSL for multiple domains on the same port on
the same IP address_.

You have two possible workarounds:

- Get a second IP address assigned to the machine.  This is often easier than it sounds. 
Map one domain to each IP address, and bind each of your two SSL connectors to one IP.  At
this point, everything Just Works for the user.

- Run SSL for one domain on port 443, and for the other domain on a different port - say 8443.
 This gives a slightly messy user experience, as you have but

This is a limitation of SSL; it is not Tomcat-specific.

                - Peter
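
The first workaround above, sketched as a `server.xml` fragment. This is an added illustration, not part of the original message; it assumes Tomcat 6-style JSSE connector attributes, and the IP addresses, host names, keystore paths and password are placeholders.

```xml
<!-- Constructed example: one SSL connector per IP address, each with its own
     keystore. Addresses are from the documentation range; names are placeholders. -->
<Service name="Catalina">

  <!-- Certificate issued for www.example.com, presented only on 192.0.2.10:443 -->
  <Connector port="443" address="192.0.2.10"
             protocol="HTTP/1.1" SSLEnabled="true"
             scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="conf/example-com.jks"
             keystorePass="CHANGE_ME" />

  <!-- Certificate issued for www.example.org, presented only on 192.0.2.11:443 -->
  <Connector port="443" address="192.0.2.11"
             protocol="HTTP/1.1" SSLEnabled="true"
             scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="conf/example-org.jks"
             keystorePass="CHANGE_ME" />

  <!-- For the second workaround, drop the address attributes and give the
       second connector a different port, for example port="8443". -->

  <!-- Both connectors feed the same engine. The virtual host is chosen from
       the HTTP Host header, which arrives only after the SSL handshake. -->
  <Engine name="Catalina" defaultHost="www.example.com">
    <Host name="www.example.com" appBase="webapps-com" />
    <Host name="www.example.org" appBase="webapps-org" />
  </Engine>
</Service>
```

DNS for each domain must point at the address whose connector holds that domain's certificate. Running `openssl s_client -connect 192.0.2.10:443` against each address shows which certificate that connector presents.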
