D'Alessandro, Arthur
Wed, 24 Mar 2004 02:33:08 -0800
Thanks... Would be nice to utilize keystore aliases.. but that'll work

-----Original Message-----
From: Peter Rossbach [mailto:[EMAIL PROTECTED]]
Sent: Wed Mar 24 02:46:17 2004
To: Tomcat Users List
Subject: Re: Tomcat 5 Multiple SSL certificates (virtual hosts)

Hello Arthur,

I have successfully tested those systems with multiple IP interfaces and different certs. One thing is a good practice: have a small Service for the admin web application. The Engine name of this service is Catalina.

Here is my example configuration with one Catalina Service and two IP Services with different certs.

<Server port="7305" shutdown="SHUTDOWN" debug="0">

  <!-- Enable JMX MBeans support -->
  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" debug="0"/>
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" debug="0"/>

  <!-- Global JNDI resources -->
  <GlobalNamingResources>
    <!-- Editable user database that can also be used by UserDatabaseRealm to authenticate users -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved">
    </Resource>
    <ResourceParams name="UserDatabase">
      <parameter>
        <name>factory</name>
        <value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
      </parameter>
      <parameter>
        <name>pathname</name>
        <value>conf/tomcat-users.xml</value>
      </parameter>
    </ResourceParams>
  </GlobalNamingResources>

  <Service name="Catalina">
    <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 7380 -->
    <Connector port="7380" enableLookups="false" acceptCount="10" address="localhost"/>

    <Engine name="Catalina" defaultHost="localhost" debug="0">
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm" debug="0" resourceName="UserDatabase"/>
      <!-- Global logger unless overridden at lower levels -->
      <Logger className="org.apache.catalina.logger.FileLogger" prefix="catalina_log." suffix=".txt" timestamp="true"/>
      <!-- Developer Mode -->
      <Host name="localhost" appBase="webapps" unpackWARs="false" autoDeploy="true" deployXML="true" deployOnStartUp="true">
      </Host>
    </Engine>
  </Service>

  <Service name="Secure-WebDev1">
    <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 7380 -->
    <Connector className="org.apache.coyote.tomcat5.CoyoteConnector" port="7380" redirectPort="7543" address="secure1"/>
    <Connector className="org.apache.coyote.tomcat5.CoyoteConnector" port="7543" acceptCount="100" scheme="https" secure="true" address="secure1">
      <Factory className="org.apache.coyote.tomcat5.CoyoteServerSocketFactory"
               keystoreFile="conf/secure1.keystore" clientAuth="false"
               keystorePass="changeit" protocol="TLS"
               SSLImplementation="org.apache.tomcat.util.net.jsse.JSSEImplementation"/>
    </Connector>

    <Engine name="Secure-Webdev1" defaultHost="secure1" debug="0">
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm" debug="0" resourceName="UserDatabase"/>
      <!-- Global logger unless overridden at lower levels -->
      <Logger className="org.apache.catalina.logger.FileLogger" prefix="catalina_log." suffix=".txt" dir="secure1/logs" timestamp="true"/>
      <!-- Developer Mode -->
      <Host name="secure1" appBase="secure1/webapps" unpackWARs="false" autoDeploy="true" deployXML="true" deployOnStartUp="true">
        <!-- <Valve className="org.apache.catalina.authenticator.SingleSignOn" debug="0"/> -->
      </Host>
    </Engine>
  </Service>

  <Service name="Secure-WebDev2">
    <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 7380 -->
    <Connector className="org.apache.coyote.tomcat5.CoyoteConnector" port="7380" redirectPort="7543" address="secure2"/>
    <Connector className="org.apache.coyote.tomcat5.CoyoteConnector" port="7543" scheme="https" secure="true" address="secure2">
      <Factory className="org.apache.coyote.tomcat5.CoyoteServerSocketFactory"
               keystoreFile="conf/secure2.keystore" clientAuth="false"
               keystorePass="changeit2" protocol="TLS"
               SSLImplementation="org.apache.tomcat.util.net.jsse.JSSEImplementation"/>
    </Connector>

    <Engine name="Secure-Webdev2" defaultHost="secure2" debug="0">
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm" debug="0" resourceName="UserDatabase"/>
      <!-- Global logger unless overridden at lower levels -->
      <Logger className="org.apache.catalina.logger.FileLogger" prefix="catalina_log." suffix=".txt" dir="secure2/logs" timestamp="true"/>
      <!-- Developer Mode -->
      <Host name="secure2" appBase="secure2/webapps" unpackWARs="false" autoDeploy="true" deployXML="true" deployOnStartUp="true">
        <!-- <Valve className="org.apache.catalina.authenticator.SingleSignOn" debug="0"/> -->
      </Host>
    </Engine>
  </Service>

</Server>

I hope this helps

Peter
--
http://tomcat.objektpark.org/

Bill Barker schrieb:
>IMHO, using separate keystore files is the easiest option. However, it
>should also be possible to specify which cert to use via the 'keyAlias'
>attribute on the Connector.
>
>"D'Alessandro, Arthur" <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]
>We'd like to implement a single Tomcat 5 server running multiple IP
>address aliases, each with its own SSL certificate assigned. I do not
>see a configuration option, other than potentially trying to utilize a
>different keystore file (each with its own tomcat alias cert) for each
>virtual host.
>
>Is there an easier way, and has anyone had any success in doing so?
>
>-Arthur
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
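As an added example, not part of this thread or of Tomcat: a Python check that reads a Tomcat 5.0-style server.xml laid out the way the reply above describes (one Service and one HTTPS Connector per IP address, keystore settings on the Factory element) and flags the layout mistakes that matter for that setup: the same address:port bound by two Connectors, the same keystore/keyAlias pair serving two Services, and a keystore left on the default password. The sample server.xml inside it is constructed for the example, and the fallback values used for a missing keystoreFile, keyAlias and keystorePass are the defaults Tomcat documents for JSSE.

```python
import xml.etree.ElementTree as ET

# Passwords JSSE treats as defaults; either means the keystore is effectively unprotected.
DEFAULT_KEYSTORE_PASSWORDS = {"changeit", ""}

# Constructed sample modelled on the thread's layout (not the poster's config):
# two IP-bound services with their own keystores; the second keeps the default password.
SAMPLE_SERVER_XML = """<Server port="7305" shutdown="SHUTDOWN">
  <Service name="Secure-WebDev1">
    <Connector port="7380" redirectPort="7543" address="secure1"/>
    <Connector port="7543" scheme="https" secure="true" address="secure1">
      <Factory keystoreFile="conf/secure1.keystore" keystorePass="s3cret-one" protocol="TLS"/>
    </Connector>
  </Service>
  <Service name="Secure-WebDev2">
    <Connector port="7380" redirectPort="7543" address="secure2"/>
    <Connector port="7543" scheme="https" secure="true" address="secure2">
      <Factory keystoreFile="conf/secure2.keystore" keystorePass="changeit" protocol="TLS"/>
    </Connector>
  </Service>
</Server>"""


def audit_ssl_connectors(server_xml):
    """Return findings as strings; an empty list means the layout is consistent."""
    findings = []
    seen_bindings = set()  # (address, port) pairs already claimed by any Connector
    seen_certs = {}        # (keystoreFile, keyAlias) -> first Service using that cert
    for service in ET.fromstring(server_xml).iter("Service"):
        svc = service.get("name", "?")
        for conn in service.iter("Connector"):
            addr, port = conn.get("address", "*"), conn.get("port")
            if (addr, port) in seen_bindings:
                findings.append(f"{svc}: {addr}:{port} is bound more than once")
            seen_bindings.add((addr, port))
            if conn.get("secure") != "true":
                continue  # plain HTTP connector, nothing to check
            factory = conn.find("Factory")
            if factory is None:
                findings.append(f"{svc}: HTTPS connector {addr}:{port} has no Factory element")
                continue
            # Tomcat falls back to ~/.keystore and the first key entry when these are absent
            cert = (factory.get("keystoreFile", "~/.keystore"), factory.get("keyAlias", "<first key>"))
            if cert in seen_certs:
                findings.append(f"{svc}: reuses certificate {cert} already used by {seen_certs[cert]}")
            seen_certs.setdefault(cert, svc)
            if factory.get("keystorePass", "changeit") in DEFAULT_KEYSTORE_PASSWORDS:
                findings.append(f"{svc}: keystore {cert[0]} uses the default keystorePass")
    return findings
```

Run it against a live file with audit_ssl_connectors(open("conf/server.xml").read()); each Service that shares a keystore and alias with another will present the same certificate on both IP addresses.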