Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 29983 invoked from network); 11 Feb 2008 15:22:07 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 11 Feb 2008 15:22:07 -0000 Received: (qmail 90063 invoked by uid 500); 11 Feb 2008 15:21:48 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 90040 invoked by uid 500); 11 Feb 2008 15:21:48 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 90029 invoked by uid 99); 11 Feb 2008 15:21:48 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 11 Feb 2008 07:21:48 -0800 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy) Received: from [193.174.13.196] (HELO sam.dfn-cert.de) (193.174.13.196) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 11 Feb 2008 15:21:14 +0000 Received: from localhost (unknown [127.0.0.1]) by sam.dfn-cert.de (Postfix) with ESMTP id 5E3B96B4087 for ; Mon, 11 Feb 2008 15:21:21 +0000 (UTC) Received: from animal.dfn-cert.de (animal.dfn-cert.de [193.174.13.11]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "animal.dfn-cert.de", Issuer "DFN-CERT Services GmbH CA - G02" (verified OK)) by sam.dfn-cert.de (Postfix) with ESMTP id DB8476B401F for ; Mon, 11 Feb 2008 16:21:19 +0100 (CET) Message-ID: <47B067EE.9020001@dfn-cert.de> Date: Mon, 11 Feb 2008 16:21:18 +0100 From: =?ISO-8859-1?Q?Jan_M=F6nnich?= User-Agent: Thunderbird 2.0.0.9 (X11/20070801) MIME-Version: 1.0 To: Tomcat Users List Subject: Re: Can Tomcat support multiple SSL certificates for multiple domains? References: <721066.44249.qm@web35506.mail.mud.yahoo.com> <47ADDA16.6090401@ngasi.com> <47B046FF.60705@dfn-cert.de> <4eedb92a0802110710t7ff133e6o9fb48c88005205e4@mail.gmail.com> In-Reply-To: <4eedb92a0802110710t7ff133e6o9fb48c88005205e4@mail.gmail.com> Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms030602030103080802070106" X-Virus-Checked: Checked by ClamAV on apache.org --------------ms030602030103080802070106 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Ooops, my fault! I've read and replied too fast (maybe because it's Monda= y? :-)) Of course this shouldn't be done with *two domain names* only with two host names in the same domain... I suppose it won't work in actual browsers but if it does I let you all know... Sorry Jan Hassan Schroeder schrieb: > On Feb 11, 2008 5:00 AM, Jan M=F6nnich wrote: >=20 >> You can get one certificate with both domain names in the "Subject >> Alternative Name" of the Certificate. All modern browsers can handle t= hat >> and you can use just one Certificate for both domains. That's the >> workaround we are recommending to all of our customers. >=20 > Have you actually seen this deployed? >=20 > I ask because I've only seen Subject Alternative Name used as e.g. > foo.example.com, bar.example.com -- never two *domain* names. >=20 > If that really works, it'd be good to know :-) >=20 --=20 Dipl.-Inf. (FH) Jan M=F6nnich, PKI Team Phone: +49 40 808077-632, Fax: +49 40 808077-556, moennich@dfn-cert.de DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555 Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737 Sachsenstra=DFe 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowsk= i 15 Jahre DFN-CERT + 15. DFN-Workshop "Sicherheit in vernetzten Systemen" am 13./14. Februar 2008 im CCH Hamburg - https://www.dfn-cert.de/ws2008/ --------------ms030602030103080802070106 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIITZTCC BCEwggMJoAMCAQICAgDHMA0GCSqGSIb3DQEBBQUAMHExCzAJBgNVBAYTAkRFMRwwGgYDVQQK ExNEZXV0c2NoZSBUZWxla29tIEFHMR8wHQYDVQQLExZULVRlbGVTZWMgVHJ1c3QgQ2VudGVy MSMwIQYDVQQDExpEZXV0c2NoZSBUZWxla29tIFJvb3QgQ0EgMjAeFw0wNjEyMTkxMDI5MDBa Fw0xOTA2MzAyMzU5MDBaMFoxCzAJBgNVBAYTAkRFMRMwEQYDVQQKEwpERk4tVmVyZWluMRAw DgYDVQQLEwdERk4tUEtJMSQwIgYDVQQDExtERk4tVmVyZWluIFBDQSBHbG9iYWwgLSBHMDEw ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDpm8NnhfkNrvWNVMOWUDU9YuluTO2U 1wBblSJ01CDrNI/W7MAxBAuZgeKmFNJSoCgjhIt0iQReW+DieMF4yxbLKDU5ey2QRdDtoAB6 fL9KDhsAw4bpXCsxEXsM84IkQ4wcOItqaACa7txPeKvSxhObdq3u3ibo7wGvdA/BCaL2a869 080UME/15eOkyGKbghoDJzANAmVgTe3RCSMqljVYJ9N2xnG2kB3E7f81hn1vM7PbD8URwoqD oZRdQWvY0hD1TP3KUazZve+Sg7va64sWVlZDz+HVEz2mHycwzUlU28kTNJpxdcVs6qcLmPkh nSevPqM5OUhqjK3JmfvDEvK9AgMBAAGjgdkwgdYwcAYDVR0fBGkwZzBloGOgYYZfaHR0cDov L3BraS50ZWxlc2VjLmRlL2NnaS1iaW4vc2VydmljZS9hZl9Eb3dubG9hZEFSTC5jcmw/LWNy bF9mb3JtYXQ9WF81MDkmLWlzc3Vlcj1EVF9ST09UX0NBXzIwHQYDVR0OBBYEFEm3xs/oPR9/ 6kR7Eyn38QpwPt5kMB8GA1UdIwQYMBaAFDHDeRu69VPXF+CJei0XbAqzK50zMA4GA1UdDwEB /wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMA0GCSqGSIb3DQEBBQUAA4IBAQA74Vp3wEgX 3KkY7IGvWonwvSiSpspZGBJw7Cjy565/lizn8l0ZMfYTK3S9vYCyufdnyTmieTvhERHua3iR M347XyYndVNljjNj7s9zw7CSI0khUHUjoR8Y4pSFPT8z6XcgjaK95qGFKUD2P3MyWA0Ja6ba hWzAP7uNZmRWJE6uDT8yNQFb6YyC2XJZT7GGhfF0hVblw/hc843uR7NTBXDn5U2KaYMo4RMJ hp5eyOpYHgwf+aTUWgRo/Sg+iwK2WLX2oSw3VwBnqyNojWOl75lrXP1LVvarQIc01BGSbOyH xQoLBzNytG8MHVQs2FHHzL8w00Ny8TK/jM5JY6gA9/IcMIIExDCCA6ygAwIBAgIECfJ1ADAN BgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJERTETMBEGA1UEChMKREZOLVZlcmVpbjEQMA4G A1UECxMHREZOLVBLSTEkMCIGA1UEAxMbREZOLVZlcmVpbiBQQ0EgR2xvYmFsIC0gRzAxMB4X DTA3MDIxNDExNTAwOVoXDTE5MDIxMzAwMDAwMFowWDELMAkGA1UEBhMCREUxHzAdBgNVBAoT FkRGTi1DRVJUIFNlcnZpY2VzIEdtYkgxKDAmBgNVBAMTH0RGTi1DRVJUIFNlcnZpY2VzIEdt YkggQ0EgLSBHMDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzbepPqgn/97Cg 1R6Dp/162sx+swETAywzNZVNXzTXtLApha2Ql4ru5aL8Wd28MjHkUwSqeBlyU45QwcwoWnCr 48lrRkJXw2/cK09BH5jEenlrDE3wi3dR9YtN6BwT9X3iCEDLZw5rhNelQrVX7NpJbf6Pfi+7 SEkECCq3TBi+uYdSkn1yG2KERChraF4BSDUUXNYfuizvU2TXyVtPRzh5RPsNuG527m3w277O FMRbHXG12msUSVsaik1lb0x/WDRCcQhwYUFaFPM956hA2cCIsGweZLamv3cza1LlAfri6vf9 4rQ0SXF6lIp3WOI4fAlYoSWUcw2BhhVfkq6LlYRNAgMBAAGjggGSMIIBjjAPBgNVHRMBAf8E BTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUxovP+kT8OmpLaKvo5784I+W6CpYwHwYD VR0jBBgwFoAUSbfGz+g9H3/qRHsTKffxCnA+3mQwgYgGA1UdHwSBgDB+MD2gO6A5hjdodHRw Oi8vY2RwMS5wY2EuZGZuLmRlL2dsb2JhbC1yb290LWNhL3B1Yi9jcmwvY2FjcmwuY3JsMD2g O6A5hjdodHRwOi8vY2RwMi5wY2EuZGZuLmRlL2dsb2JhbC1yb290LWNhL3B1Yi9jcmwvY2Fj cmwuY3JsMIGiBggrBgEFBQcBAQSBlTCBkjBHBggrBgEFBQcwAoY7aHR0cDovL2NkcDEucGNh LmRmbi5kZS9nbG9iYWwtcm9vdC1jYS9wdWIvY2FjZXJ0L2NhY2VydC5jcnQwRwYIKwYBBQUH MAKGO2h0dHA6Ly9jZHAyLnBjYS5kZm4uZGUvZ2xvYmFsLXJvb3QtY2EvcHViL2NhY2VydC9j YWNlcnQuY3J0MA0GCSqGSIb3DQEBBQUAA4IBAQAvRQUyNON7MWl6fdB2EhpYsfJYPW7AuNvi V+7XB8QVcTQhGPLO+FBW7S1QC57u8bxEVGX6O1l9hJKG135DISDZ9KTgGusLLcIMY0OHsiUW XX/GwbAB9S6gV+Yh3idiKDIvJU4yzfZ6RMyhdOubs8EesY+4Zxqgx6tKmTy/OAQBrR8sBw37 kscp2T3b3pQzybEviNFxzGh6IRyKn/3wY+MYjw11UFCtP08tTgArE2ffRE+cWvISz18iMv9f xJSThpePgeOdrnR1BwTKJGwxk2QAdfsTW6v0SIB01FH5KRrW6y9ukPUo+kua+EE0mex8Tdzk Q07J3iLlxIluRO3McCH9MIIFODCCBCCgAwIBAgIECjMQ8zANBgkqhkiG9w0BAQUFADBYMQsw CQYDVQQGEwJERTEfMB0GA1UEChMWREZOLUNFUlQgU2VydmljZXMgR21iSDEoMCYGA1UEAxMf REZOLUNFUlQgU2VydmljZXMgR21iSCBDQSAtIEcwMjAeFw0wNzA0MDQxMjAwMzdaFw0xMDA0 MDMxMjAwMzdaMFMxCzAJBgNVBAYTAkRFMR8wHQYDVQQKExZERk4tQ0VSVCBTZXJ2aWNlcyBH bWJIMQwwCgYDVQQLEwNQS0kxFTATBgNVBAMTDEphbiBNb2VubmljaDCCASIwDQYJKoZIhvcN AQEBBQADggEPADCCAQoCggEBAK3tbcmSn9y+8CIrZNVZhBiY/OrnYMSk8onHl8IhtYmBn3z4 FO9Zer6OgMIJBTB61SPcWQRVuSS8odDYEDGpQo5ARy3h0OgFHLikWoPS5StzjPJZ0jLP6LuV FWZ71i+xxJU3QLqLDe2sVmKguIhTTr+W2bQTTXoJ6BwpZsMBtvhe6iswCbZiKW9TR2BpYMd0 36zxHq/C5XDYw5Y7u/VxvfDoy3FzPSvXKQlvP8FUYwNpNHnqnCLgoHA94Q+SCd7qofjrTECs SzgMMGxWOT/dflWj9UrWHLnI14PJrdvo8wuGRG4E+fcJZ39syV7GPR1+UjiJntd66Sd+Kuh5 uHyFkXkCAwEAAaOCAg0wggIJMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMCkGA1UdJQQiMCAG CCsGAQUFBwMCBggrBgEFBQcDBAYKKwYBBAGCNxQCAjAdBgNVHQ4EFgQUnjFBgUe8aQOJvYbj giJI0sYOQhwwHwYDVR0jBBgwFoAUxovP+kT8OmpLaKvo5784I+W6CpYwHwYDVR0RBBgwFoEU bW9lbm5pY2hAZGZuLWNlcnQuZGUwgaMGA1UdHwSBmzCBmDBKoEigRoZEaHR0cDovL2NkcDEu cGNhLmRmbi5kZS9kZm4tY2VydC1zZXJ2aWNlcy1nbWJoLWNhL3B1Yi9jcmwvZ19jYWNybC5j cmwwSqBIoEaGRGh0dHA6Ly9jZHAyLnBjYS5kZm4uZGUvZGZuLWNlcnQtc2VydmljZXMtZ21i aC1jYS9wdWIvY3JsL2dfY2FjcmwuY3JsMIG8BggrBgEFBQcBAQSBrzCBrDBUBggrBgEFBQcw AoZIaHR0cDovL2NkcDEucGNhLmRmbi5kZS9kZm4tY2VydC1zZXJ2aWNlcy1nbWJoLWNhL3B1 Yi9jYWNlcnQvZ19jYWNlcnQuY3J0MFQGCCsGAQUFBzAChkhodHRwOi8vY2RwMi5wY2EuZGZu LmRlL2Rmbi1jZXJ0LXNlcnZpY2VzLWdtYmgtY2EvcHViL2NhY2VydC9nX2NhY2VydC5jcnQw DQYJKoZIhvcNAQEFBQADggEBAKlK3hv12P8ZeYZ4UO+IwxRRgUxMAF7uNTKa54rqnFEltxxH T3n1ogCsg4Co6oPbuJo2TSp7iDHo2iR5xQPRsO8HvQ7/hu4uOjdLK0W5YlD4L4ozk0X/MlOp jyANOjl7udBMrYDIXZymIfBOcCc4pwPKdqDPfuJ79wgtEAEbyUtUF4QXSHoQ+oVSBR1vFwcW G/4iDi6Ebfie5c0dBMjyGkqs4grB2c+OswVoUBiAgwBAdwzvFRN5cEmiJHhxVHn9aQCqKWka mz38X5TbBzChGuZfU1DNxzDSR8ATj+DBodh7TFdpwbHD+zTG00UbVbHpzETfcU18Ui5KHtZr uNCbWUswggU4MIIEIKADAgECAgQKMxDzMA0GCSqGSIb3DQEBBQUAMFgxCzAJBgNVBAYTAkRF MR8wHQYDVQQKExZERk4tQ0VSVCBTZXJ2aWNlcyBHbWJIMSgwJgYDVQQDEx9ERk4tQ0VSVCBT ZXJ2aWNlcyBHbWJIIENBIC0gRzAyMB4XDTA3MDQwNDEyMDAzN1oXDTEwMDQwMzEyMDAzN1ow UzELMAkGA1UEBhMCREUxHzAdBgNVBAoTFkRGTi1DRVJUIFNlcnZpY2VzIEdtYkgxDDAKBgNV BAsTA1BLSTEVMBMGA1UEAxMMSmFuIE1vZW5uaWNoMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A MIIBCgKCAQEAre1tyZKf3L7wIitk1VmEGJj86udgxKTyiceXwiG1iYGffPgU71l6vo6AwgkF MHrVI9xZBFW5JLyh0NgQMalCjkBHLeHQ6AUcuKRag9LlK3OM8lnSMs/ou5UVZnvWL7HElTdA uosN7axWYqC4iFNOv5bZtBNNegnoHClmwwG2+F7qKzAJtmIpb1NHYGlgx3TfrPEer8LlcNjD lju79XG98OjLcXM9K9cpCW8/wVRjA2k0eeqcIuCgcD3hD5IJ3uqh+OtMQKxLOAwwbFY5P91+ VaP1StYcucjXg8mt2+jzC4ZEbgT59wlnf2zJXsY9HX5SOIme13rpJ34q6Hm4fIWReQIDAQAB o4ICDTCCAgkwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwKQYDVR0lBCIwIAYIKwYBBQUHAwIG CCsGAQUFBwMEBgorBgEEAYI3FAICMB0GA1UdDgQWBBSeMUGBR7xpA4m9huOCIkjSxg5CHDAf BgNVHSMEGDAWgBTGi8/6RPw6aktoq+jnvzgj5boKljAfBgNVHREEGDAWgRRtb2VubmljaEBk Zm4tY2VydC5kZTCBowYDVR0fBIGbMIGYMEqgSKBGhkRodHRwOi8vY2RwMS5wY2EuZGZuLmRl L2Rmbi1jZXJ0LXNlcnZpY2VzLWdtYmgtY2EvcHViL2NybC9nX2NhY3JsLmNybDBKoEigRoZE aHR0cDovL2NkcDIucGNhLmRmbi5kZS9kZm4tY2VydC1zZXJ2aWNlcy1nbWJoLWNhL3B1Yi9j cmwvZ19jYWNybC5jcmwwgbwGCCsGAQUFBwEBBIGvMIGsMFQGCCsGAQUFBzAChkhodHRwOi8v Y2RwMS5wY2EuZGZuLmRlL2Rmbi1jZXJ0LXNlcnZpY2VzLWdtYmgtY2EvcHViL2NhY2VydC9n X2NhY2VydC5jcnQwVAYIKwYBBQUHMAKGSGh0dHA6Ly9jZHAyLnBjYS5kZm4uZGUvZGZuLWNl cnQtc2VydmljZXMtZ21iaC1jYS9wdWIvY2FjZXJ0L2dfY2FjZXJ0LmNydDANBgkqhkiG9w0B AQUFAAOCAQEAqUreG/XY/xl5hnhQ74jDFFGBTEwAXu41MprniuqcUSW3HEdPefWiAKyDgKjq g9u4mjZNKnuIMejaJHnFA9Gw7we9Dv+G7i46N0srRbliUPgvijOTRf8yU6mPIA06OXu50Eyt gMhdnKYh8E5wJzinA8p2oM9+4nv3CC0QARvJS1QXhBdIehD6hVIFHW8XBxYb/iIOLoRt+J7l zR0EyPIaSqziCsHZz46zBWhQGICDAEB3DO8VE3lwSaIkeHFUef1pAKopaRqbPfxflNsHMKEa 5l9TUM3HMNJHwBOP4MGh2HtMV2nBscP7NMbTRRtVsenMRN9xTXxSLkoe1mu40JtZSzGCAyAw ggMcAgEBMGAwWDELMAkGA1UEBhMCREUxHzAdBgNVBAoTFkRGTi1DRVJUIFNlcnZpY2VzIEdt YkgxKDAmBgNVBAMTH0RGTi1DRVJUIFNlcnZpY2VzIEdtYkggQ0EgLSBHMDICBAozEPMwCQYF Kw4DAhoFAKCCAZUwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcN MDgwMjExMTUyMTE4WjAjBgkqhkiG9w0BCQQxFgQUpwrVK4Haa0/tqOG3BUZ2ldmftcIwUgYJ KoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwIC AUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwbwYJKwYBBAGCNxAEMWIwYDBYMQswCQYDVQQG EwJERTEfMB0GA1UEChMWREZOLUNFUlQgU2VydmljZXMgR21iSDEoMCYGA1UEAxMfREZOLUNF UlQgU2VydmljZXMgR21iSCBDQSAtIEcwMgIECjMQ8zBxBgsqhkiG9w0BCRACCzFioGAwWDEL MAkGA1UEBhMCREUxHzAdBgNVBAoTFkRGTi1DRVJUIFNlcnZpY2VzIEdtYkgxKDAmBgNVBAMT H0RGTi1DRVJUIFNlcnZpY2VzIEdtYkggQ0EgLSBHMDICBAozEPMwDQYJKoZIhvcNAQEBBQAE ggEAlAzA33Ie4b7rSPygIoyYHfN3Wt8de9puDmx4ZGV6/SHgYzhbt7gStWMU0hziWSf33Xpd mxEb+qdSCoI0MMfMsP+KUITQr93VEaR0Owl+hs2xZKYdIA1JplA0oADaWZYjYV4rYYaRQAux 53aRYdqOLQgxW7uyGp758hEvP2p48TxPKLTU3++p5c2QOk+wfM1i+OLJRHGOnowGnkJVNOiD RhQQmPHP+4eJRWuxjbditxSXMngVSrHKuEgzTilUZzBQ1AyCCGbrSUXyhrQVfmevbr6pwdWR mCfSsjoaKIB7FiDERnr88Zgl7YCnGhjTciHpKBuyD5L1r2txgq2rUxE0cQAAAAAAAA== --------------ms030602030103080802070106--