Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 82664 invoked from network); 25 Aug 2006 13:04:52 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 25 Aug 2006 13:04:52 -0000 Received: (qmail 59384 invoked by uid 500); 25 Aug 2006 13:04:40 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 59363 invoked by uid 500); 25 Aug 2006 13:04:40 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 59351 invoked by uid 99); 25 Aug 2006 13:04:40 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 25 Aug 2006 06:04:40 -0700 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received-SPF: pass (asf.osuosl.org: local policy) Received: from [195.143.155.10] (HELO elmo.2sheds.de) (195.143.155.10) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 25 Aug 2006 06:04:39 -0700 Received: from [10.0.173.194] (tal2.friendscout24.de [62.245.224.131]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by elmo.2sheds.de (Postfix) with ESMTP id 50E73F2A80 for ; Fri, 25 Aug 2006 15:04:18 +0200 (CEST) Mime-Version: 1.0 (Apple Message framework v752.2) In-Reply-To: References: X-Gpgmail-State: !signed Content-Type: text/plain; charset=ISO-8859-1; delsp=yes; format=flowed Message-Id: Content-Transfer-Encoding: quoted-printable From: Andrew Miehs Subject: Re: multiple virtual hosts and ssl certificates Date: Fri, 25 Aug 2006 15:04:16 +0200 To: "Tomcat Users List" X-Mailer: Apple Mail (2.752.2) X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N Peter is correct - I was just being a bit lazy in my answer... The ssl connection is setup BEFORE any 'hostname' information is =20 passed over the link, and therefore the server would not know 'which' =20= virtual hostname's ssl certificate to use. Therefore - 1 certificate per IP Address/ Port combination. Cheers Andrew On 25/08/2006, at 12:22 PM, Peter Crowther wrote: >> From: Andr=E9s Gonz=E1lez [mailto:angoro@gmail.com] >> I mean, what are you saying? That tomcat can only have 1 ssl >> certificate per IP address, or that it is a "general" limitation of >> the architecture of SSL certificates. > > It is a general limitation of SSL. To be strict: you can only have =20= > one certificate per *endpoint*, that is, IP address/port combination. > --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org