tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Borut Hadžialić <borut.hadzia...@gmail.com>
Subject Re: IP-based virtual hosting with Tomcat(6)
Date Mon, 03 Aug 2009 15:11:28 GMT
Maybe this will be helpfull to you?
http://www.openssl.org/docs/apps/x509v3_config.html#Subject_Alternative_Name_

I am not sure how well that extension is supported in browsers and other ssl
clients, or can you get a CA to sign a certificate that contains these
extensions. But, I wouldn't be surprised if  there were no problems with any
of that because there are scenarios in which its useful to have same
certificate be valid for a url that contains a host name or ip address..

What I do know is that I used a single self signed certificate (with subject
alt names for:
IP Address=10.0.100.11
IP Address=10.0.100.12
IP Address=10.0.100.13
IP Address=10.0.100.14
)
locally for testing on 4 app servers that ran a load balanced app. We tested
the app with urls like https://10.0.100.11/ https://10.0.100.12/ and so on.



On Wed, Jul 29, 2009 at 10:44 PM, <uma_rk@comcast.net> wrote:

>
> My second issue is perhaps more serious: is there an underlying assumption
> with
> virtual hosts that they are bound by distinct security constraints? I mean,
> is there
> an implicit assumption, for instance, that distinct virtual hosts would use
> distinct SSL certificates?
>
> I plan to (rather, need to) use the same SSL certificate for all vHosts.
>
> Thanx again!
>
> /U
>
>

-- 
Why?
Because YES!

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message