tomcat-users mailing list archives

From "Jeffrey Janner" <>
Subject RE: IP-based virtual hosting with Tomcat(6)
Date Mon, 03 Aug 2009 13:48:16 GMT
Uma -
If you are really serious about using 1 SSL certificate for all your connections, you need
to understand SSL much better than it appears you do at the moment.  Some things to note:
1) The Common Name of the SSL *must* match the name the user gives in the hostname portion
of the URL he enters in his browser, or else the browser will complain.  It doesn't matter
if the name is provided as an IP address or a normal string name.
2) The direness of the complaint is totally dependent on the browser and the version of said
3) To have one certificate match multiple hostnames, you need a wildcard certificate, where
the common name is like "*".  Do tons of research before attempting.
4) Internet Explorer interprets wildcard names differently than other browsers, and the spec
as far as I can tell.  Where will match the above, will
not.  IE is the only browser I've found that imposes this limitation. And I don't think you
can do "*.*" to get around it either.  Try posting to an SSL group to find someone
more knowledgeable.

-----Original Message-----
From: [] 
Sent: Wednesday, July 29, 2009 5:13 PM
To: Tomcat Users List
Subject: Re: IP-based virtual hosting with Tomcat(6)


If I wanted to use the same SSL certificate for all virtual hosts
does it follow that 


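Added example, not part of the original messages: a Python check of which virtual host names one certificate would cover, applying the name match from points 1 and 3 with the single-label wildcard rule of RFC 2818 section 3.1. The hostnames and the `name_matches` and `coverage` helpers are constructed for illustration; it assumes whole-label wildcards only, literal comparison for IP addresses, and (a conservative choice, not an RFC requirement) at least two labels after the `*`.

```python
import ipaddress


def _is_ip(name):
    """Return True if the string parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False


def name_matches(cert_name, host):
    """True if one certificate name covers the host typed in the URL."""
    cert_name = cert_name.lower().rstrip(".")
    host = host.lower().rstrip(".")
    # An IP address must match literally; a wildcard never covers an IP.
    if _is_ip(host) or _is_ip(cert_name):
        return cert_name == host
    c_labels = cert_name.split(".")
    h_labels = host.split(".")
    if c_labels[0] != "*":
        # No wildcard label: the whole name has to be identical.
        return c_labels == h_labels
    # Wildcard allowed only as the entire leftmost label, with at least
    # two fixed labels after it (assumption of this example).
    if len(c_labels) < 3 or any("*" in label for label in c_labels[1:]):
        return False
    # "*" stands for exactly one label, so the label counts must be equal.
    return len(h_labels) == len(c_labels) and h_labels[1:] == c_labels[1:]


def coverage(cert_names, vhosts):
    """Map each virtual host to the certificate name covering it, or None."""
    return {
        h: next((n for n in cert_names if name_matches(n, h)), None)
        for h in vhosts
    }


if __name__ == "__main__":
    # Constructed sample: one wildcard certificate, five ways to reach the server.
    names = ["*.example.test"]
    hosts = ["www.example.test", "shop.example.test",
             "a.b.example.test", "example.test", "192.0.2.10"]
    for host, covered_by in coverage(names, hosts).items():
        print(f"{host:20} {'covered by ' + covered_by if covered_by else 'NOT covered'}")
```

Any host reported as not covered needs its own name on the certificate, or its own certificate, before clients will accept it without a warning.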