On Thu, Jul 3, 2008 at 2:36 PM, Bruno Harbulot <[EMAIL PROTECTED]> wrote:
>
> There can only be one certificate per IP address (unless using a different
> port), thus one certificate per connector. (An exception to this would be to
> use something like what GnuTLS does [1], but I've never seen it used in
> practice. I'm not sure at all how browsers and other clients support that
> sort of negotiation.)
>
> Assuming you'd want to do this on a Connector rather than on a VirtualHost,
> this would still have to be implemented in the KeyManager (and thus in the
> SSLContext). I'll try to make things progress on the Jetty side and/or find
> another solution soon. I'm not sure when the Restlet 1.1 RC1 is due for, but
> I haven't had much spare time for this recently.

What I'd like to be able to do is have a certificate (i.e. alias in a keystore) be associated with a Virtual host so that if I have two virtual hosts on one server I can associate the different SSL certificates with each host's connection. Now, I can work around the IP address limitations by using additional addresses on the server. Is this a Restlet limitation, a Jetty limitation, or a Java SSL implementation limitation?

--Alex Milowski
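
Added example (not part of the original message, and not Restlet or Jetty code): the per-connector arrangement discussed above, written against the standard JSSE API. Each connector bound to its own IP address gets an SSLContext whose KeyManager only ever offers one keystore alias. The names `FixedAliasKeyManager` and `contextFor` are hypothetical, and the code assumes the JVM's default KeyManagerFactory algorithm reports plain keystore aliases (as SunX509 does).

```java
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.*;

/** Wraps the stock key manager so the server certificate is always one chosen keystore alias. */
public final class FixedAliasKeyManager extends X509ExtendedKeyManager {
    private final X509KeyManager delegate;
    private final String alias;

    private FixedAliasKeyManager(X509KeyManager delegate, String alias) {
        this.delegate = delegate;
        this.alias = alias;
    }

    /** Build one context per connector (IP address/port pair), each pinned to its own alias. */
    public static SSLContext contextFor(KeyStore ks, char[] keyPassword, String alias) throws Exception {
        if (!ks.isKeyEntry(alias)) {   // fail at startup, not at the first handshake
            throw new IllegalArgumentException("No private key entry for alias: " + alias);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPassword);
        for (KeyManager km : kmf.getKeyManagers()) {
            if (km instanceof X509KeyManager) {
                SSLContext ctx = SSLContext.getInstance("TLS");
                ctx.init(new KeyManager[] { new FixedAliasKeyManager((X509KeyManager) km, alias) }, null, null);
                return ctx;
            }
        }
        throw new IllegalStateException("No X509KeyManager available");
    }

    // Offer the pinned alias only when the delegate says it fits the requested key type and issuers.
    private String pick(String keyType, Principal[] issuers) {
        String[] usable = delegate.getServerAliases(keyType, issuers);
        return usable != null && Arrays.asList(usable).contains(alias) ? alias : null;
    }

    @Override public String chooseServerAlias(String keyType, Principal[] issuers, Socket s) { return pick(keyType, issuers); }
    @Override public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine e) { return pick(keyType, issuers); }
    @Override public String[] getServerAliases(String keyType, Principal[] issuers) { String a = pick(keyType, issuers); return a == null ? null : new String[] { a }; }
    @Override public X509Certificate[] getCertificateChain(String a) { return delegate.getCertificateChain(a); }
    @Override public PrivateKey getPrivateKey(String a) { return delegate.getPrivateKey(a); }
    // Client-side selection is left to the delegate; this wrapper only constrains the server role.
    @Override public String[] getClientAliases(String keyType, Principal[] issuers) { return delegate.getClientAliases(keyType, issuers); }
    @Override public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket s) { return delegate.chooseClientAlias(keyType, issuers, s); }
}
```

A connector listening on each additional address would then be handed `FixedAliasKeyManager.contextFor(keyStore, password, "<alias-for-that-host>")`, so the private keys for the other hosts are never offered on that listener.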

