tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: TLS configuration with multiple web apps
Date Mon, 30 Aug 2010 16:42:00 GMT
Maybe also to point out a side-effect of multiple connectors (and/or multiple tomcats) : 
it also means that each site/application would need a different port number also.

Jamie wrote:
> Hi Mark
> Thanks for the clarification. Makes sense. Since ISP's are typically 
> cost sensitive, each instance should consume a minimal amount of 
> resources.. i.e. memory footprint, etc. Is there alot extra overhead in 
> the architecture you describe?
> Jamie
> On 2010/08/30 6:02 PM, Mark Thomas wrote:
>> On 30/08/2010 16:58, Jamie wrote:
>>> Hi There
>>> Our deployment of Tomcat has several web applications, each with their
>>> own cert store. Each web app has a GUI for creating cert requests and
>>> importing certs. we need to configure Tomcat's TLS capability such that
>>> it will authenticate with each web application's certificate store. I
>>> cannot see how to do this from the docs. It seems Tomcat only support
>>> one cert store for all web applications. Furthermore, there doesn't
>>> appear to be a way to specify a path that is relative to the web app
>>> home directory. Any pointers / workarounds to the above would be most
>>> appreciated.
>> Certificate stores are set per connector. It has to be this way since
>> the SSL connection needs to be established before the request can be
>> parsed and the correct host&  context identified.
>> To do what you want to do sounds like you'll need one connector per
>> webapp which equates to one service + connector + engine + host per 
>> web app.
>> Mark
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail:
>> For additional commands, e-mail:
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message