tomcat-users mailing list archives

From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: using SSLHostConfig on tomcat 9 in order to get 2 SSL certificates
Date Wed, 01 Jun 2016 17:00:13 GMT

Hardibo,

On 6/1/16 9:48 AM, Hardibo Pierre-Jean wrote:
> Hello, when I add the second, or I put only the second (tomcat2), the
> browser doesn't reach the website but doesn't stop with an error
> message.

If you connect with openssl s_client, can you see what certificate is
presented with the server handshake?

Depending upon your version of OpenSSL, it may or may not support the
-servername option, which is the way to trigger the use of SNI.

-chris

> On 31/05/2016 18:52, Christopher Schultz wrote:
> Hardibo,
> 
> On 5/31/16 10:33 AM, Hardibo Pierre-Jean wrote:
>>>> Hello, I made two StartSSL certificates because I could
>>>> only add 5 domains once.
> ??!
> 
>>>> When I use SSLHostConfig for the domains of the first
>>>> certificate all is working, but when I try to add other
>>>> domains (2nd certificate) websites are no longer accessible.
>>>> There's little documentation about that and no tutorial, so I am
>>>> blocked. Here is my connector (server.xml):
>>>>
>>>> <Connector port="8443"
>>>>            protocol="org.apache.coyote.http11.Http11NioProtocol"
>>>>            maxThreads="150" SSLEnabled="true">
> You'll also want to set secure="true" and scheme="https" on your 
> <Connector>. This might be the only thing you are missing.
> 
> http://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support_-_SSLHostConfig
> 
>>>>   <SSLHostConfig hostName="www.hardibopj.com">
>>>>     <Certificate certificateKeystoreFile="/opt/tomcat9/tomcat"
>>>>                  certificateKeystorePassword="xxxx" type="RSA"/>
>>>>   </SSLHostConfig>
>>>>   <SSLHostConfig hostName="www.tagdirectory.net">
>>>>     <Certificate certificateKeystoreFile="/opt/tomcat9/tomcat"
>>>>                  certificateKeystorePassword="xxxx" type="RSA"/>
>>>>   </SSLHostConfig>
>>>>   <SSLHostConfig hostName="www.xn--kzako-bsa.com">
>>>>     <Certificate certificateKeystoreFile="/opt/tomcat9/tomcat"
>>>>                  certificateKeystorePassword="xxxx" type="RSA"/>
>>>>   </SSLHostConfig>
>>>>   <SSLHostConfig hostName="www.xn--tltravail-b4ab.com">
>>>>     <Certificate certificateKeystoreFile="/opt/tomcat9/tomcat"
>>>>                  certificateKeystorePassword="xxxx" type="RSA"/>
>>>>   </SSLHostConfig>
>>>>   <SSLHostConfig hostName="www.xn--changedeliens-9gb.com">
>>>>     <Certificate certificateKeystoreFile="/opt/tomcat9/tomcat"
>>>>                  certificateKeystorePassword="xxxx" type="RSA"/>
>>>>   </SSLHostConfig>
>>>>   <SSLHostConfig hostName="en.tagdirectory.net">
>>>>     <Certificate certificateKeystoreFile="/opt/tomcat9/tomcat2"
>>>>                  certificateKeystorePassword="xxxx" type="RSA"/>
>>>>   </SSLHostConfig>
>>>>   <SSLHostConfig hostName="www.retrogeekzone.com">
>>>>     <Certificate certificateKeystoreFile="/opt/tomcat9/tomcat2"
>>>>                  certificateKeystorePassword="xxxx" type="RSA"/>
>>>>   </SSLHostConfig>
>>>>   <SSLHostConfig hostName="en.retrogeekzone.com">
>>>>     <Certificate certificateKeystoreFile="/opt/tomcat9/tomcat2"
>>>>                  certificateKeystorePassword="xxxx" type="RSA"/>
>>>>   </SSLHostConfig>
>>>>   <SSLHostConfig hostName="www.troc-livres-informatique.com">
>>>>     <Certificate certificateKeystoreFile="/opt/tomcat9/tomcat2"
>>>>                  certificateKeystorePassword="xxxx" type="RSA"/>
>>>>   </SSLHostConfig>
>>>> </Connector>
> Those all look okay to me. What are you using to test? With a
> single <SSLHostConfig> can you establish a connection? When you add
> the second <SSLHostConfig>, how do things change?
> 
> -chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
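
The check suggested in the reply above (see which certificate the server presents for each SNI name), as an added Python example that is not part of the original message. It assumes every hostName that shares a keystore file presents the same certificate and that the connector is probed at 127.0.0.1:8443; `fetch_cert_der`, `check_sni` and `constructed_fetch` are names made up for this illustration.

```python
import hashlib
import socket
import ssl
from collections import defaultdict

# hostName -> certificateKeystoreFile, taken from the quoted server.xml (subset)
EXPECTED = {
    "www.hardibopj.com": "/opt/tomcat9/tomcat",
    "www.tagdirectory.net": "/opt/tomcat9/tomcat",
    "en.tagdirectory.net": "/opt/tomcat9/tomcat2",
    "www.retrogeekzone.com": "/opt/tomcat9/tomcat2",
}

def fetch_cert_der(sni_name, addr="127.0.0.1", port=8443, timeout=5.0):
    """Handshake with addr:port, sending sni_name via SNI; return the leaf cert (DER)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # diagnostic probe: the certificate is inspected,
    ctx.verify_mode = ssl.CERT_NONE  # not trusted, like a bare `openssl s_client`
    with socket.create_connection((addr, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni_name) as tls:
            return tls.getpeercert(binary_form=True)

def constructed_fetch(host):
    """Constructed stand-in: a server that ignores SNI and always serves one cert."""
    return b"constructed-DER-for-/opt/tomcat9/tomcat"

def check_sni(expected, fetch=fetch_cert_der):
    """Compare the certificate served per SNI name with the keystore grouping."""
    findings, seen, owner = [], defaultdict(set), {}
    for host, keystore in expected.items():
        try:
            fp = hashlib.sha256(fetch(host)).hexdigest()
        except OSError as exc:  # refused, timed out, or TLS alert (ssl.SSLError)
            findings.append(f"{host}: handshake failed ({exc.__class__.__name__})")
            continue
        seen[keystore].add(fp)
        if owner.setdefault(fp, keystore) != keystore:  # cert already tied to another keystore
            findings.append(f"{host}: got the certificate of {owner[fp]}, expected {keystore}")
    for keystore, fps in seen.items():
        if len(fps) > 1:
            findings.append(f"{keystore}: {len(fps)} different certificates presented")
    return findings

if __name__ == "__main__":
    # Offline demo with the constructed fetcher; call check_sni(EXPECTED) on the
    # Tomcat host to probe the real connector instead.
    for line in check_sni(EXPECTED, fetch=constructed_fetch):
        print(line)
```

An empty result means each group of hostnames received its own certificate; a "handshake failed" finding matches the symptom of the site not loading at all.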