tomcat-users mailing list archives

From Borut Hadžialić <>
Subject Re: Is it possible to configure 2 SSL connectors on one Tomcat instance?
Date Tue, 08 Mar 2011 13:51:10 GMT
Hi Nikko,

I assume that you really want 2 connectors with 2 different key stores,
not 2 different trust stores.

If you have 2 ip addresses then it's easy - define 2 connectors and use
their address attribute to assign each connector one ip address.

If you have only 1 ip address then you might have a problem. The
problem with name based virtual hosts under https/ssl is that ssl
handshake (which involves server sending a certificate for some
domain) happens after tcp/ip connection is established - before the
HOST part of the http request can be read. So if you would have 2
different https virtual domains on same ip:port, the server wouldn't
know which certificate to send just after a tcp/ip connection was
established, because it must decide what certificate to send based on
information which is inside the HTTP request, which can be read only
after establishing a ssl connection. This is a general problem, not
just Tomcat specific.

Maybe if your domains are really similar to and you could use a wildcard certificate (*
or if you are using a self-signed certificate and want just https
encryption and not server verification - then you could use 1 Tomcat

And btw if you are defining a https connector in tomcat you are using
a key store - a trust store is used when you verify client
certificates when you set clientAuth="true" which is rare.

On Tue, Mar 8, 2011 at 1:57 PM, Nikko Nikko <> wrote:
> Hi,
>   Is it possible to define 2 SSL connectors for 2 different virtual
> domains? For example I want to define 2 virtual hosts:  “”
> and “” and want to have different trust store  for each of
> them. I want to run them in one and the same Tomcat instance.
> Best regards,
>  Nikko.

Because YES!
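
Added example, not part of the original message: a `server.xml` fragment for the two-IP case described in the reply, with one HTTPS connector per address, each with its own key store, and a trust store only on the connector that verifies client certificates. The IP addresses, host names, file paths and passwords are constructed placeholders; the attribute names are those of the Tomcat 6/7 JSSE connector.

```xml
<!-- Added example: all addresses, host names, paths and passwords are placeholders -->
<Service name="Catalina">

  <!-- Connector A: bound to the first IP, presents the certificate in its own key store -->
  <Connector port="443" address="192.0.2.10"
             protocol="HTTP/1.1" SSLEnabled="true"
             scheme="https" secure="true" sslProtocol="TLS"
             keystoreFile="conf/site-a.jks" keystorePass="CHANGE_ME_A"
             clientAuth="false" />

  <!-- Connector B: bound to the second IP, different key store.
       clientAuth="true" makes the server verify client certificates,
       which is the only case where a trust store is consulted. -->
  <Connector port="443" address="192.0.2.11"
             protocol="HTTP/1.1" SSLEnabled="true"
             scheme="https" secure="true" sslProtocol="TLS"
             keystoreFile="conf/site-b.jks" keystorePass="CHANGE_ME_B"
             clientAuth="true"
             truststoreFile="conf/site-b-clients.jks" truststorePass="CHANGE_ME_T" />

  <!-- The certificate is selected by the address the client connected to;
       the Host header is matched against these names only after the handshake. -->
  <Engine name="Catalina" defaultHost="site-a.example">
    <Host name="site-a.example" appBase="webapps-a" />
    <Host name="site-b.example" appBase="webapps-b" />
  </Engine>
</Service>
```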
