"Van Dooren, Damian" wrote:

> You should be using two different files for your keystores, one for CompanyA
> and one for CompanyB.
>
> > -----Original Message-----
> > From: Dale M. Boresz [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, September 27, 2000 8:03 AM
> > To: Orion-Interest
> > Subject: Associating SSL certs with appropriate site
> >
> >
> > To any SSL gurus:
> >
> > I have two (servlet/jsp) web sites set up (CompanyA and CompanyB), with
> > each site capable of being accessed normally and via SSL. I have a
> > certificate for each site, and both certificates are contained in a
> > common "keystore". I am unable to persuade the Orion server to associate
> > the correct SSL certificate with the appropriate site. When I attempt to
> > access either site via SSL, I always get the certificate for CompanyB -
> > which was the last one imported into the keystore. (I don't know if
> > that's significant or not.)
> >
> > The locations of significant files:
> >
> > CompanyA is at:
> > orion/applications/CompA/CompA-web/WEB-INF/web-site.xml
> > orion/applications/CompA/CompA-web/WEB-INF/secure-web-site.xml
> >
> > CompanyB is at:
> > orion/applications/CompB/CompB-web/WEB-INF/web-site.xml
> > orion/applications/CompB/CompB-web/WEB-INF/secure-web-site.xml
> >
> > The Keystore is at:
> > orion/keystore
> > (The CN for each certificate matched the domain name of each site -
> > i.e. www.companya.com, and www.companyb.com)
> >
> > Orion configuration file:
> > orion/config/server.xml
> >
> > The file contents (minus the dtd header info):
> > CompanyA web-site.xml:
> > <web-site host="[ALL]" port="80" display-name="Company A"
> >           virtual-hosts="www.companya.com">
> >   <default-web-app application="CompA" name="CompA-web" shared="true" />
> >
> >   <web-app application="CompA" name="CompA-web" root="/CompA/CompA-web" />
> > </web-site>
> >
> > CompanyA secure-web-site.xml:
> > <web-site host="[ALL]" secure="true" display-name="Company A"
> >           virtual-hosts="www.companya.com">
> >   <default-web-app application="CompA" name="CompA-web" shared="true" />
> >
> >   <web-app application="CompA" name="CompA-web" root="/CompA/CompA-web" />
> >   <ssl-config keystore="../../../../keystore" keystore-password="123456" />
> > </web-site>
> >
> > (CompanyB files look the same - except CompA is CompB etc.)
> >
> > Orion server.xml configuration file:
> > <application-server
> >   application-directory="../applications"
> >   deployment-directory="../application-deployments">
> >
> >   <library path="../lib" />
> >
> >   <rmi-config path="./rmi.xml" />
> >
> >   <principals path="./principals.xml" />
> >
> >   <log>
> >     <file path="../log/server.log" />
> >   </log>
> >
> >   <global-application name="default" path="application.xml" />
> >
> >   <global-web-app-config path="global-web-application.xml" />
> >   <web-site path="./default-web-site.xml" />
> >
> >   <application name="CompA" path="../applications/CompA/" />
> >   <web-site path="../applications/CompA/CompA-web/WEB-INF/web-site.xml" />
> >   <web-site path="../applications/CompA/CompA-web/WEB-INF/secure-web-site.xml" />
> >
> >   <application name="CompB" path="../applications/CompB/" />
> >   <web-site path="../applications/CompB/CompB-web/WEB-INF/web-site.xml" />
> >   <web-site path="../applications/CompB/CompB-web/WEB-INF/secure-web-site.xml" />
> >
> > </application-server>
> >
> > When I attempt to access either https://www.companya.com or
> > https://www.companyb.com, I gain access to the appropriate site, BUT
> > always using the certificate for www.companyb.com.
> >
> > Thanks in advance for any help or insight into what I am doing wrong!
> >
> >         -Dale
> >
> >

Damian,

Thanks for your reply, however that was actually the way I had tried it
originally.  However, I did try something new... I used a separate keystore
for each company as you suggested, and took it a step further by assigning
each keystore a different password. Unfortunately - same result. I DID notice
though, that the certificate that gets used seems to be the one which has its
"secure-web-site.xml" reference listed first in the server.xml file.  If I
swap the order, then it changes over to using the other certificate.

This is extremely frustrating. It seems like this should be a very
fundamental and common scenario, yet I've found NO mention of it in any of
Orion's (very meager) documentation.

Thanks for your response.

    -Dale
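
Added example, not part of the original thread and not Orion code: a small configuration check that flags secure web-sites sharing one TLS listener, the condition under which the certificate presented follows listing order as described above (without SNI the certificate is chosen during the handshake, before the Host header is read). The sample inputs, keystore paths and the default ports (443 for secure sites, 80 otherwise) are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample input modelled on the configs quoted in the thread,
# listed in the order server.xml references them. Keystore paths are made up.
SITES = [
    ("CompA/secure-web-site.xml",
     '<web-site host="[ALL]" secure="true" virtual-hosts="www.companya.com">'
     '<ssl-config keystore="../keystoreA" keystore-password="x"/></web-site>'),
    ("CompB/secure-web-site.xml",
     '<web-site host="[ALL]" secure="true" virtual-hosts="www.companyb.com">'
     '<ssl-config keystore="../keystoreB" keystore-password="x"/></web-site>'),
    ("CompA/web-site.xml",
     '<web-site host="[ALL]" port="80" virtual-hosts="www.companya.com"/>'),
]

def listener(site):
    """Return the (host, port) a web-site element binds to.
    Assumption: a secure site with no port attribute uses 443, others 80."""
    secure = site.get("secure", "false").lower() == "true"
    port = int(site.get("port", "443" if secure else "80"))
    return site.get("host", "[ALL]"), port

def find_shared_tls_listeners(sites):
    """Group secure web-sites by listener and report groups with more than one."""
    groups = defaultdict(list)
    for path, xml_text in sites:
        root = ET.fromstring(xml_text)
        if root.get("secure", "false").lower() != "true":
            continue  # plain HTTP sites can share a listener safely
        ssl = root.find("ssl-config")
        keystore = ssl.get("keystore") if ssl is not None else None
        groups[listener(root)].append(
            {"file": path, "vhosts": root.get("virtual-hosts", ""), "keystore": keystore})
    findings = []
    for key, members in groups.items():
        if len(members) > 1:
            # Per the observation in the thread, the first-listed site's
            # certificate is the one served for every host on this listener.
            findings.append({"listener": key,
                             "served_first": members[0]["file"],
                             "mismatched_vhosts": [m["vhosts"] for m in members[1:]]})
    return findings

if __name__ == "__main__":
    for f in find_shared_tls_listeners(SITES):
        print("shared TLS listener %s:%d" % f["listener"])
        print("  certificate expected from:", f["served_first"])
        print("  hosts that will see a name mismatch:", f["mismatched_vhosts"])
```

In general, serving a different certificate per site without SNI requires a distinct IP address or port for each one; whether and how Orion supports that is not covered in the thread.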

