To any SSL gurus:

I have two (servlet/jsp) web sites set up (CompanyA and CompanyB), with
each site capable of being accessed normally and via SSL. I have a
certificate for each site, and both certificates are contained in a
common "keystore". I am unable to persuade the Orion server to associate
the correct SSL certificate with the appropriate site. When I attempt to
access either site via SSL, I always get the certificate for CompanyB -
which was the last one imported into the keystore. (I don't know if
that's significant or not.)

The locations of significant files:

CompanyA is at:
orion/applications/CompA/CompA-web/WEB-INF/web-site.xml
orion/applications/CompA/CompA-web/WEB-INF/secure-web-site.xml

CompanyB is at:
orion/applications/CompB/CompB-web/WEB-INF/web-site.xml
orion/applications/CompB/CompB-web/WEB-INF/secure-web-site.xml

The Keystore is at:
orion/keystore
(The CN for each certificate matched the domain name of each site -
i.e. www.companya.com, and www.companyb.com)

Orion configuration file:
orion/config/server.xml

The file contents (minus the dtd header info):
CompanyA web-site.xml:
<web-site host="[ALL]" port="80" display-name="Company A" virtual-hosts="www.companya.com">
  <default-web-app application="CompA" name="CompA-web" shared="true" />

  <web-app application="CompA" name="CompA-web" root="/CompA/CompA-web" />
</web-site>

CompanyA secure-web-site.xml:
<web-site host="[ALL]" secure="true" display-name="Company A" virtual-hosts="www.companya.com">
  <default-web-app application="CompA" name="CompA-web" shared="true" />

  <web-app application="CompA" name="CompA-web" root="/CompA/CompA-web" />
  <ssl-config keystore="../../../../keystore" keystore-password="123456" />
</web-site>

(CompanyB files look the same - except CompA is CompB etc.)

Orion server.xml configuration file:
<application-server
  application-directory="../applications"
  deployment-directory="../application-deployments">

  <library path="../lib" />

  <rmi-config path="./rmi.xml" />

  <principals path="./principals.xml" />

  <log>
    <file path="../log/server.log" />
  </log>

  <global-application name="default" path="application.xml" />

  <global-web-app-config path="global-web-application.xml" />
  <web-site path="./default-web-site.xml" />

  <application name="CompA" path="../applications/CompA/" />
  <web-site path="../applications/CompA/CompA-web/WEB-INF/web-site.xml" />
  <web-site path="../applications/CompA/CompA-web/WEB-INF/secure-web-site.xml" />

  <application name="CompB" path="../applications/CompB/" />
  <web-site path="../applications/CompB/CompB-web/WEB-INF/web-site.xml" />
  <web-site path="../applications/CompB/CompB-web/WEB-INF/secure-web-site.xml" />

</application-server>

When I attempt to access either https://www.companya.com or
https://www.companyb.com, I gain access to the appropriate site, BUT
always using the certificate for www.companyb.com.

Thanks in advance for any help or insight into what I am doing wrong!

        -Dale
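
A configuration check for the layout described in this post, added here as an example and not part of the original message or of Orion: it groups the secure web-site files by host binding, port and resolved keystore path, and reports any group that carries more than one virtual host. The function name, the "(default)" port label and the CompanyB file contents (mirrored from CompanyA, as the post says) are assumptions.

```python
import posixpath
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed copies of the two secure-web-site.xml files from the post.
# CompanyB's file is assumed to mirror CompanyA's, as the post describes.
TEMPLATE = """<web-site host="[ALL]" secure="true" display-name="Company {u}"
    virtual-hosts="www.company{l}.com">
  <default-web-app application="Comp{u}" name="Comp{u}-web" shared="true" />
  <ssl-config keystore="../../../../keystore" keystore-password="123456" />
</web-site>"""
SECURE_SITES = {
    f"orion/applications/Comp{u}/Comp{u}-web/WEB-INF/secure-web-site.xml":
        TEMPLATE.format(u=u, l=u.lower())
    for u in ("A", "B")
}


def shared_tls_listeners(sites):
    """Return {(host, port, keystore): [virtual hosts]} for every secure
    listener/keystore combination that serves more than one hostname."""
    groups = defaultdict(set)
    for path, text in sites.items():
        root = ET.fromstring(text)
        ssl_cfg = root.find("ssl-config")
        if root.get("secure") != "true" or ssl_cfg is None:
            continue  # plain HTTP site, no certificate involved
        # In the post the keystore path is relative to the declaring file.
        keystore = posixpath.normpath(
            posixpath.join(posixpath.dirname(path), ssl_cfg.get("keystore")))
        # "(default)" is a label used here when no port attribute is present.
        key = (root.get("host"), root.get("port", "(default)"), keystore)
        for vhost in root.get("virtual-hosts", "").split(","):
            if vhost.strip():
                groups[key].add(vhost.strip())
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}


if __name__ == "__main__":
    for (host, port, keystore), vhosts in shared_tls_listeners(SECURE_SITES).items():
        print(f"host={host} port={port} keystore={keystore}")
        print("  one certificate store for:", ", ".join(vhosts))
```

For the two files in the post this reports a single group: host `[ALL]`, no explicit port, keystore `orion/keystore`, shared by www.companya.com and www.companyb.com. Nothing in either file names which keystore entry belongs to which hostname.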

