Bruno Harbulot wrote:

2. We can set up two different Contexts for the two servers, using something along these lines:

  Component component = new Component();
  Server server1 = new Server(Protocol.HTTPS, "host1.example.org", 8443, null);
  Server server2 = new Server(Protocol.HTTPS, "host2.example.com", 8443, null);
  component.getServers().add(server1);
  component.getServers().add(server2);

  SslContextFactory sslContextFactory1 = ...
  /* an SslContextFactory that will return an SSLContext with an
     X509KeyManager choosing the alias for "host1.example.org" */
  SslContextFactory sslContextFactory2 = ...
  /* an SslContextFactory that will return an SSLContext with an
     X509KeyManager choosing the alias for "host2.example.com" */

  server1.getContext().getAttributes().put("sslContextFactory", sslContextFactory1);
  server2.getContext().getAttributes().put("sslContextFactory", sslContextFactory2);

  // (I then add a couple of virtual hosts, one for each name.)


I've tried this, and it works.


To be more specific on setting up the sslContextFactory, if you're willing to try jSSLutils from the subversion repository (0.4-SNAPSHOT, rev 30), you should be able to use something like this:

  jsslutils.sslcontext.X509SSLContextFactory sslContextFactory1 =
     new X509SSLContextFactory(keyStore, "keypassword", trustStore);

  sslContextFactory1.setKeyManagerWrapper(
     new FixedServerAliasKeyManager.Wrapper("host1.example.org"));

  server1.getContext().getAttributes().put("sslContextFactory",
     new JsslutilsSslContextFactory(sslContextFactory1));


Feedback welcome of course.


Best wishes,

Bruno.
