I am trying to set up tomcat with multiple virtual hosts, each with
their own SSL certificate. Is this possible? Do I add each certificate
to the main keystore as per one host?
cheers
-
To start a new topic, e-mail:
You can only have 1 ssl certificate per IP address
Andrew
On 25/08/2006, at 11:09 AM, teknokrat wrote:
I am trying to set up tomcat with multiple virtual hosts, each with
their own SSL certificate. Is this possible? Do I add each
certificate to the main keystore as per one host?
Andrew (hi namesake :)): are you sure of that?
I mean, what are you saying? That tomcat can only have 1 ssl
certificate per IP address, or that it is a general limitation of
the architecture of SSL certificates.
As far as i know hoy can have one ssl certificate per domain, and so
more than one
You can set 1 ssl certificate for each port over the same ip.
ie:
https://domain1.com/ takes default ssl port 443 and one cert.
https://domain2.com:10443/ takes another cert.
etc...
So you must listen ssl conexion on each port that you need
And take a look at
From: Andrés González [mailto:[EMAIL PROTECTED]
I mean, what are you saying? That tomcat can only have 1 ssl
certificate per IP address, or that it is a general limitation of
the architecture of SSL certificates.
It is a general limitation of SSL. To be strict: you can only have one
Peter Crowther wrote:
From: Andrés González [mailto:[EMAIL PROTECTED]
I mean, what are you saying? That tomcat can only have 1 ssl
certificate per IP address, or that it is a general limitation of
the architecture of SSL certificates.
It is a general limitation of SSL. To be strict: you can
Peter is correct - I was just being a bit lazy in my answer...
The ssl connection is setup BEFORE any 'hostname' information is
passed over the link, and therefore the server would not know 'which'
virtual hostname's ssl certificate to use.
Therefore - 1 certificate per IP Address/ Port
On 8/25/06, teknokrat [EMAIL PROTECTED] wrote:
So lets see if i understand this correctly. I can only have multiple SSL
certificates if I create different Services in server.xml pointing to
different ports?
No, you don't need different Services; you need a Connector and
associated keystore
Hassan Schroeder wrote:
On 8/25/06, teknokrat [EMAIL PROTECTED] wrote:
So lets see if i understand this correctly. I can only have multiple SSL
certificates if I create different Services in server.xml pointing to
different ports?
No, you don't need different Services; you need a
On 8/25/06, Paul Singleton [EMAIL PROTECTED] wrote:
In 5.5.9 you can put all your certificates in one
keystore ...
I suggest you don't proliferate keystores unless you
really have to...
Why? It seems far more manageable to me having them separate...
--
Hassan Schroeder
In 5.5.9 you can put all your certificates in one
keystore ...
I suggest you don't proliferate keystores unless you
really have to...
Why? It seems far more manageable to me having them separate...
Mmm... i don't agree. Only a keystore, only a location for it, only
one password. I like the
11 matches
Mail list logo
