Re: Using more than one SSL cert in keystore?
Justin Jaynes wrote: Thanks. I am doing as you have instructed. I hope to set up client-side redirects. Can you please tell me how? Does it require javascript, or just HTML? Where can I learn about client side re-directs? Try Google (Web and Groups) You can do it like this (relies on JavaScript): html head titleredirection page/title /head body onLoad=window.location.replace('http://me.com/myapp') /body html and I think you can also do it with an HTTP header but I don't have details to hand... Paul S. Justin Jaynes --- Paul Singleton [EMAIL PROTECTED] wrote: Justin Jaynes wrote: ...But now I would like to put up a new site that is completely independant of the others. It needs its own SSL cert and it needs four host names to all point to the same place and redirect to just one of the domain names so that the SSL cert will be valid, regardless of how the users chose to get to my site. An SSL cert is for a specific domain name. If you want your users to be able to make HTTPS requests to all four domains without warnings from the browser, I reckon you need four certificates. But if they make non-SSL requests, and you respond with a client-side redirect to your one true certificated site using HTTPS, that may work OK? Is it possible to do Virtual Hosting using IP's on a Tomcat standalone installation? Yes, I'm doing this now with 5.5.9 You need e.g. this server.xml stuff for each host: Service Connector (HTTP) Connector (HTTPS) Engine Host Context You can use the default keystore for all hosts, and use the (undocumented) keyAlias=myalias Connector attribute to offer the appropriate certificate for each host, e.g. Connector address=288.104.197.211 port=8443 scheme=https secure=true sslProtocol=TLS keyAlias=mrk2 / (in 5.5.9 you also need sslProtocol=TLS explicitly, fixed in later versions) Paul Singleton -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.338 / Virus Database: 267.10.0/63 - Release Date: 3/Aug/2005 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.338 / Virus Database: 267.10.3/66 - Release Date: 8/Aug/2005 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Using more than one SSL cert in keystore?
-Message d'origine- De : Paul Singleton [mailto:[EMAIL PROTECTED] Envoyé : mardi 9 août 2005 15:47 À : Tomcat Users List Objet : Re: Using more than one SSL cert in keystore? Justin Jaynes wrote: Thanks. I am doing as you have instructed. I hope to set up client-side redirects. Can you please tell me how? Does it require javascript, or just HTML? Where can I learn about client side re-directs? Try Google (Web and Groups) You can do it like this (relies on JavaScript): html head titleredirection page/title /head body onLoad=window.location.replace('http://me.com/myapp') /body html and I think you can also do it with an HTTP header but I don't have details to hand... You can use meta http-equiv=refresh content=delay; URL=yourURL Cheers, Laurent *** Ce message et toutes les pieces jointes (ci-apres le message) sont confidentiels et etablis a l'intention exclusive de ses destinataires. Toute utilisation ou diffusion non autorisee est interdite. Tout message electronique est susceptible d'alteration. Le Groupe France Telecom decline toute responsabilite au titre de ce message s'il a ete altere, deforme ou falsifie. Si vous n'etes pas destinataire de ce message, merci de le detruire immediatement et d'avertir l'expediteur. *** This message and any attachments (the message) are confidential and intended solely for the addressees. Any unauthorised use or dissemination is prohibited. Messages are susceptible to alteration. France Telecom Group shall not be liable for the message if altered, changed or falsified. If you are not receiver of this message, please cancel it immediately and inform the sender. *** - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Using more than one SSL cert in keystore?
Paul Singleton wrote re' client-side redirects: You can do it like this (relies on JavaScript): You can also use this META tag in the head of the document: meta http-equiv=refresh content=0;url=http://example.com; / (The first part of content is the interval in seconds before the 'refresh' happens...) HTH! -- Hassan Schroeder - [EMAIL PROTECTED] Webtuitive Design === (+1) 408-938-0567 === http://webtuitive.com dream. code. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Using more than one SSL cert in keystore?
Paul, Thanks. I am doing as you have instructed. I hope to set up client-side redirects. Can you please tell me how? Does it require javascript, or just HTML? Where can I learn about client side re-directs? Justin Jaynes --- Paul Singleton [EMAIL PROTECTED] wrote: Justin Jaynes wrote: ...But now I would like to put up a new site that is completely independant of the others. It needs its own SSL cert and it needs four host names to all point to the same place and redirect to just one of the domain names so that the SSL cert will be valid, regardless of how the users chose to get to my site. An SSL cert is for a specific domain name. If you want your users to be able to make HTTPS requests to all four domains without warnings from the browser, I reckon you need four certificates. But if they make non-SSL requests, and you respond with a client-side redirect to your one true certificated site using HTTPS, that may work OK? Is it possible to do Virtual Hosting using IP's on a Tomcat standalone installation? Yes, I'm doing this now with 5.5.9 You need e.g. this server.xml stuff for each host: Service Connector (HTTP) Connector (HTTPS) Engine Host Context You can use the default keystore for all hosts, and use the (undocumented) keyAlias=myalias Connector attribute to offer the appropriate certificate for each host, e.g. Connector address=288.104.197.211 port=8443 scheme=https secure=true sslProtocol=TLS keyAlias=mrk2 / (in 5.5.9 you also need sslProtocol=TLS explicitly, fixed in later versions) Paul Singleton -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.338 / Virus Database: 267.10.0/63 - Release Date: 3/Aug/2005 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Using more than one SSL cert in keystore?
Can keytool be used to make a wildcard SSL Key for similar URLs? I know it can be done using apache. Jef Sullivan Programmer IKANO Communications, Inc. -Original Message- From: Paul Singleton [mailto:[EMAIL PROTECTED] Sent: Thursday, August 04, 2005 8:21 AM To: Tomcat Users List; [EMAIL PROTECTED] Subject: Re: Using more than one SSL cert in keystore? Justin Jaynes wrote: ...But now I would like to put up a new site that is completely independant of the others. It needs its own SSL cert and it needs four host names to all point to the same place and redirect to just one of the domain names so that the SSL cert will be valid, regardless of how the users chose to get to my site. An SSL cert is for a specific domain name. If you want your users to be able to make HTTPS requests to all four domains without warnings from the browser, I reckon you need four certificates. But if they make non-SSL requests, and you respond with a client-side redirect to your one true certificated site using HTTPS, that may work OK? Is it possible to do Virtual Hosting using IP's on a Tomcat standalone installation? Yes, I'm doing this now with 5.5.9 You need e.g. this server.xml stuff for each host: Service Connector (HTTP) Connector (HTTPS) Engine Host Context You can use the default keystore for all hosts, and use the (undocumented) keyAlias=myalias Connector attribute to offer the appropriate certificate for each host, e.g. Connector address=288.104.197.211 port=8443 scheme=https secure=true sslProtocol=TLS keyAlias=mrk2 / (in 5.5.9 you also need sslProtocol=TLS explicitly, fixed in later versions) Paul Singleton -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.338 / Virus Database: 267.10.0/63 - Release Date: 3/Aug/2005 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Using more than one SSL cert in keystore?
Justin Jaynes wrote: ...But now I would like to put up a new site that is completely independant of the others. It needs its own SSL cert and it needs four host names to all point to the same place and redirect to just one of the domain names so that the SSL cert will be valid, regardless of how the users chose to get to my site. An SSL cert is for a specific domain name. If you want your users to be able to make HTTPS requests to all four domains without warnings from the browser, I reckon you need four certificates. But if they make non-SSL requests, and you respond with a client-side redirect to your one true certificated site using HTTPS, that may work OK? Is it possible to do Virtual Hosting using IP's on a Tomcat standalone installation? Yes, I'm doing this now with 5.5.9 You need e.g. this server.xml stuff for each host: Service Connector (HTTP) Connector (HTTPS) Engine Host Context You can use the default keystore for all hosts, and use the (undocumented) keyAlias=myalias Connector attribute to offer the appropriate certificate for each host, e.g. Connector address=288.104.197.211 port=8443 scheme=https secure=true sslProtocol=TLS keyAlias=mrk2 / (in 5.5.9 you also need sslProtocol=TLS explicitly, fixed in later versions) Paul Singleton -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.338 / Virus Database: 267.10.0/63 - Release Date: 3/Aug/2005 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Using more than one SSL cert in keystore?
Bruno, I am hosting a few sites on Tomcat standalone and they all share on SSL certificate because they all use the same domain name (they are just forwards to different directories). But now I would like to put up a new site that is completely independant of the others. It needs its own SSL cert and it needs four host names to all point to the same place and redirect to just one of the domain names so that the SSL cert will be valid, regardless of how the users chose to get to my site. Is it possible to do Virtual Hosting using IP's on a Tomcat standalone installation? Or will it only do the host entries that I am already using? It would solve all my problems if I could. Then, to get four addresses redirected to one, I would simply have to set my default domain name set in server.xml, enter no other host entries, and all the requests sent there would shift to the default domain. I am not sure if this scenario is achieveable. Tomcat may not even be set up for IP virtual hosting. One other thought--Is this more easily achieved by setting up a second instance of tomcat on my machine? Justin --- Bruno Georges [EMAIL PROTECTED] wrote: Justin In this situation, I would use apache + modrewrite If you want some example I can help you Bruno Bruno Georges Glencore International AG Tel. +41 41 709 3204 Fax +41 41 709 3000 - Original Message - From: Justin Jaynes [EMAIL PROTECTED] Sent: 02.08.2005 00:54 To: Tomcat Users List tomcat-user@jakarta.apache.org Subject: Re: Using more than one SSL cert in keystore? In the (brief) interim between my asking the original question below, and now, I have found additional information--SSL must occur before HTTP handshake, and will therefore not work on hosts based on the same IP. I have more than one IP available from my ISP. I suppose the question would better be this: How do I cofigure virtual hosting of more than one SSL enabled host over ONE interface using multiple IP addresses? Sorry for the confusion. --- Justin Jaynes [EMAIL PROTECTED] wrote: If I host more than one domain on my tomcat installation (standalone, not with apache), can I imort an SSL certificate for each domain and will tomcat just know which to use for which hosts? Justin Jaynes - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] * * LEGAL DISCLAIMER * This message contains confidential information for * the exclusive use of the person mentioned above. * - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Using more than one SSL cert in keystore?
In the (brief) interim between my asking the original question below, and now, I have found additional information--SSL must occur before HTTP handshake, and will therefore not work on hosts based on the same IP. I have more than one IP available from my ISP. I suppose the question would better be this: How do I cofigure virtual hosting of more than one SSL enabled host over ONE interface using multiple IP addresses? Sorry for the confusion. --- Justin Jaynes [EMAIL PROTECTED] wrote: If I host more than one domain on my tomcat installation (standalone, not with apache), can I imort an SSL certificate for each domain and will tomcat just know which to use for which hosts? Justin Jaynes - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Using more than one SSL cert in keystore?
Justin In this situation, I would use apache + modrewrite If you want some example I can help you Bruno Bruno Georges Glencore International AG Tel. +41 41 709 3204 Fax +41 41 709 3000 - Original Message - From: Justin Jaynes [EMAIL PROTECTED] Sent: 02.08.2005 00:54 To: Tomcat Users List tomcat-user@jakarta.apache.org Subject: Re: Using more than one SSL cert in keystore? In the (brief) interim between my asking the original question below, and now, I have found additional information--SSL must occur before HTTP handshake, and will therefore not work on hosts based on the same IP. I have more than one IP available from my ISP. I suppose the question would better be this: How do I cofigure virtual hosting of more than one SSL enabled host over ONE interface using multiple IP addresses? Sorry for the confusion. --- Justin Jaynes [EMAIL PROTECTED] wrote: If I host more than one domain on my tomcat installation (standalone, not with apache), can I imort an SSL certificate for each domain and will tomcat just know which to use for which hosts? Justin Jaynes - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] * * LEGAL DISCLAIMER * This message contains confidential information for * the exclusive use of the person mentioned above. * - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]