tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: TLS configuration with multiple web apps
Date Mon, 30 Aug 2010 16:42:00 GMT
Maybe also to point out a side-effect of multiple connectors (and/or multiple tomcats) : 
it also means that each site/application would need a different port number also.


Jamie wrote:
> Hi Mark
> 
> Thanks for the clarification. Makes sense. Since ISP's are typically 
> cost sensitive, each instance should consume a minimal amount of 
> resources.. i.e. memory footprint, etc. Is there alot extra overhead in 
> the architecture you describe?
> 
> Jamie
> 
> On 2010/08/30 6:02 PM, Mark Thomas wrote:
>> On 30/08/2010 16:58, Jamie wrote:
>>   
>>> Hi There
>>>
>>> Our deployment of Tomcat has several web applications, each with their
>>> own cert store. Each web app has a GUI for creating cert requests and
>>> importing certs. we need to configure Tomcat's TLS capability such that
>>> it will authenticate with each web application's certificate store. I
>>> cannot see how to do this from the docs. It seems Tomcat only support
>>> one cert store for all web applications. Furthermore, there doesn't
>>> appear to be a way to specify a path that is relative to the web app
>>> home directory. Any pointers / workarounds to the above would be most
>>> appreciated.
>>>      
>> Certificate stores are set per connector. It has to be this way since
>> the SSL connection needs to be established before the request can be
>> parsed and the correct host&  context identified.
>>
>> To do what you want to do sounds like you'll need one connector per
>> webapp which equates to one service + connector + engine + host per 
>> web app.
>>
>> Mark
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>    
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message