tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Björn Raupach <raup...@me.com>
Subject Re: SSL and Virtual Hosting
Date Wed, 21 Oct 2015 18:47:09 GMT
Hello Mark,

thanks for responding

> On 21 Oct 2015, at 20:42, Mark Thomas <markt@apache.org> wrote:
> 
> On 21/10/2015 16:27, Björn Raupach wrote:
>> Dear group,
>> 
>> it would be nice if anyone knows, if my planned setup is going to work.
>> 
>> At the moment we are having two services (web apps) at two different machines and
hostnames. Lets say bob.example.com and alice.example.com 
>> 
>> bob.example.com runs without SSL and deploys the web app at the root context. We
just throw a ROOT.war in /webapps.
>> 
>> alice.example.com needs SSL at all times. It currently does not run with the root
context but we would like to. So another ROOT.war. We have an SSL cert for alice.example.com
>> 
>> I want both applications to run on a single Tomcat instance with Virtual Hosting.
Virtual Hosting with Tomcat that is. I am comfortable with setting up Virtual Hosting, but
I am just not sure about the SSL part. Does the choice between IP-based or Hostname matter?
bob.example.com might need SSL support in the future.
>> 
>> We are using Amazon AWS if that is important. So I could get another Elastic IP.
We are working with the latest Apache Tomcat 8 and the latest JDK on the server machines.
>> 
>> Sorry if this is not 100% Tomcat related.
> 
> Currently it will work if both hosts can share the same certificate
> because they share a connector and (currently) a connector can only have
> a single certificate.

How can both hosts share the same certificate? Do I need a SAN certificate or can I just run
with the cert for alice.example.com <http://alice.example.com/> and have to live with
any cert errors on bob.example.com <http://bob.example.com/>? 

> 
> As of 9.0.x (and hopefully eventually back-ported to 8.x) you'll be able
> to have per host certs. There should be a 9.0.0-RC1 in the next week or so.
> 
> Mark
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org <mailto:users-unsubscribe@tomcat.apache.org>
> For additional commands, e-mail: users-help@tomcat.apache.org <mailto:users-help@tomcat.apache.org>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message