Re: SSL on multiple IP addreses?
On Solaris: Lets say the default interface is hme0, then all the aliases are hme0:1, hme0:2, hme0:3 - and so on... ifconfig hme0:1 netmask up ifconfig hme0:2 netmask up each aliases having a different IP of course! -jrj Will Hartung wrote: From: "David Wall" <[EMAIL PROTECTED]> Sent: Thursday, May 12, 2005 10:31 AM How will you configure multiple IP addresses on a single NIC? Normally, you have one NIC per IP address. You will need to use two keystores for each system, and configure the keystores as you normally would under the SSL connector. I'm not sure how to configure the CoyoteConnector so that it will listen on a particular IP address, but the docs no doubt explain how. Just an FYI, it's pretty simple and common to have a single NIC listen to multiple IP's. It's fairly trivial to do in Linux/Unix, and I know it's possible in Windows, but I don't know the details of how to do it. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL on multiple IP addreses?
That's very cool. Didn't even know it was possible. I hope the original question has been answered in terms of creating multiple SSL connectors and having each point to a different keystore, since each keystore will hold the cert for each domain name. Trung Nguyen wrote: You can configure multiple IP adresses on a single NIC and add new IP/domain name to the server.xml To configure multiple IP address on a single NIC on Linux (RHEL): 1. cd /etc/sysconfig/network-scripts 2. Make a copy of ifcfg-eth0 to ifcfg-eth0:0 3. Edit ifcfg-eth0:0 and change DEVICE to eth0:0 and change the IPADDR to new IP You can do this as many as you want by increase the last number by 1. Hope this help. Trung - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL on multiple IP addreses?
> From: "David Wall" <[EMAIL PROTECTED]> > Sent: Thursday, May 12, 2005 10:31 AM > How will you configure multiple IP addresses on a single NIC? Normally, > you have one NIC per IP address. You will need to use two keystores for > each system, and configure the keystores as you normally would under the > SSL connector. I'm not sure how to configure the CoyoteConnector so > that it will listen on a particular IP address, but the docs no doubt > explain how. Just an FYI, it's pretty simple and common to have a single NIC listen to multiple IP's. It's fairly trivial to do in Linux/Unix, and I know it's possible in Windows, but I don't know the details of how to do it. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: SSL on multiple IP addreses?
> From: David Wall [mailto:[EMAIL PROTECTED] > Subject: Re: SSL on multiple IP addreses? > > How will you configure multiple IP addresses on a single NIC? IP addresses are a figment of the software TCP stack's imagination. All real operating systems provide the capability of assigning multiple arbitrary IP addresses to a NIC. > Normally, you have one NIC per IP address. Depends on the requirements of the implementation. But to get back to the original question, I think the OP will need multiple .keystore files, although that may well depend on how the certificate is created. Take a look at: http://jakarta.apache.org/tomcat/tomcat-5.5-doc/ssl-howto.html especially the Certificates and General Tips sections. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: SSL on multiple IP addreses?
You can configure multiple IP adresses on a single NIC and add new IP/domain name to the server.xml To configure multiple IP address on a single NIC on Linux (RHEL): 1. cd /etc/sysconfig/network-scripts 2. Make a copy of ifcfg-eth0 to ifcfg-eth0:0 3. Edit ifcfg-eth0:0 and change DEVICE to eth0:0 and change the IPADDR to new IP You can do this as many as you want by increase the last number by 1. Hope this help. Trung -Original Message- From: David Wall [mailto:[EMAIL PROTECTED] Sent: Thursday, May 12, 2005 1:31 PM To: Tomcat Users List Subject: Re: SSL on multiple IP addreses? How will you configure multiple IP addresses on a single NIC? Normally, you have one NIC per IP address. You will need to use two keystores for each system, and configure the keystores as you normally would under the SSL connector. I'm not sure how to configure the CoyoteConnector so that it will listen on a particular IP address, but the docs no doubt explain how. Good luck... Paul Singleton wrote: > I'm trying to set up several SSL-enabled virtual hosts > under Tomcat 5.5.9 (Linux), each on a different IP address > (all via the same NIC). > > I think I need a separate certificate (self-signed is OK) > for each, but cannot see how to associate them... > > Do I have to create separate keystores? or is there a > neater way? > > Paul Singleton > Jambusters Ltd > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL on multiple IP addreses?
How will you configure multiple IP addresses on a single NIC? Normally, you have one NIC per IP address. You will need to use two keystores for each system, and configure the keystores as you normally would under the SSL connector. I'm not sure how to configure the CoyoteConnector so that it will listen on a particular IP address, but the docs no doubt explain how. Good luck... Paul Singleton wrote: I'm trying to set up several SSL-enabled virtual hosts under Tomcat 5.5.9 (Linux), each on a different IP address (all via the same NIC). I think I need a separate certificate (self-signed is OK) for each, but cannot see how to associate them... Do I have to create separate keystores? or is there a neater way? Paul Singleton Jambusters Ltd - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
SSL on multiple IP addreses?
I'm trying to set up several SSL-enabled virtual hosts under Tomcat 5.5.9 (Linux), each on a different IP address (all via the same NIC). I think I need a separate certificate (self-signed is OK) for each, but cannot see how to associate them... Do I have to create separate keystores? or is there a neater way? Paul Singleton Jambusters Ltd -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.308 / Virus Database: 266.11.8 - Release Date: 10/May/2005 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]