Peter Crowther wrote:
From: Andrés González [mailto:[EMAIL PROTECTED]
I mean, what are you saying? That Tomcat can only have 1 SSL
certificate per IP address, or that it is a "general" limitation of
the architecture of SSL certificates?
It is a general limitation of SSL. To be strict: you can only have one
certificate per *endpoint*, that is, IP address/port combination.
The reason is that the negotiation of the encrypted connection is done *before*
the host header is sent. Therefore the server has to deduce which certificate
to send without knowing which Web site the client wishes to access. Therefore
the server always sends the one certificate that you have associated with that
endpoint.
If you don't mind URLs of the form https://myserver.example:8443/somepage then
you can have multiple certificates per IP address, and indeed per Tomcat. But
the sites need to be served on different ports.
- Peter
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
So let's see if I understand this correctly. I can only have multiple SSL
certificates if I create different Services in server.xml pointing to
different ports? Do I need to have different keystores for each
connector too?
How do hosting providers manage to host multiple hosts each with their
own SSL certificate? Doesn't this make the virtual hosts element a bit
limited if only one of them can be secured?
cheers
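
Added example, not part of the original thread: a constructed server.xml fragment showing the one-certificate-per-endpoint setup Peter describes, with two HTTPS connectors on different ports. Host names, ports, keystore paths and passwords are placeholders, and it assumes the connector-level keystoreFile/keystorePass attributes (newer Tomcat releases move these into SSLHostConfig/Certificate elements).

```xml
<!-- Constructed example; every name, port, path and password is a placeholder. -->
<Service name="Catalina">

  <!-- Endpoint 1: every TLS handshake arriving on port 8443 is answered with
       the certificate from site-a.jks, before any Host header is seen. -->
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="conf/site-a.jks"
             keystorePass="CHANGE-ME-A" />

  <!-- Endpoint 2: same IP address, different port, different certificate.
       A separate keystore per connector is one option; a single shared
       keystore with a different keyAlias on each connector also works. -->
  <Connector port="8444" protocol="HTTP/1.1" SSLEnabled="true"
             scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="conf/site-b.jks"
             keystorePass="CHANGE-ME-B" />

  <!-- Both connectors feed the same Engine, so the virtual host is still
       chosen from the Host header after the handshake. The port alone
       decides which certificate is presented: a request for
       https://site-b.example:8443/ receives site-a's certificate and the
       client reports a name mismatch. -->
  <Engine name="Catalina" defaultHost="site-a.example">
    <Host name="site-a.example" appBase="webapps-a" />
    <Host name="site-b.example" appBase="webapps-b" />
  </Engine>

</Service>
```

Clients then reach the sites as https://site-a.example:8443/ and https://site-b.example:8444/, and each sees a certificate matching the name it asked for.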