Thanks... Would be nice to utilize keystore aliases, but that'll work.
-----Original Message-----
From: Peter Rossbach [mailto:[EMAIL PROTECTED]
Sent: Wed Mar 24 02:46:17 2004
To: Tomcat Users List
Subject: Re: Tomcat 5 Multiple SSL certificates (virtual hosts)
Hello Arthur,
I have successfully tested this system with multiple IP interfaces and
different certs.
One thing that is good practice:
have a small Service for the admin web application.
The Engine name of this service is Catalina.
Here is my example configuration with one Catalina Service and two IP
Services with different certs.
<Server port="7305" shutdown="SHUTDOWN" debug="0">

  <!-- Enable JMX MBeans support -->
  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
            debug="0"/>
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"
            debug="0"/>

  <!-- Global JNDI resources -->
  <GlobalNamingResources>
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved">
    </Resource>
    <ResourceParams name="UserDatabase">
      <parameter>
        <name>factory</name>
        <value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
      </parameter>
      <parameter>
        <name>pathname</name>
        <value>conf/tomcat-users.xml</value>
      </parameter>
    </ResourceParams>
  </GlobalNamingResources>

  <!-- Small admin service, bound to localhost only -->
  <Service name="Catalina">
    <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 7380 -->
    <Connector port="7380"
               enableLookups="false"
               acceptCount="10"
               address="localhost"/>
    <Engine name="Catalina" defaultHost="localhost" debug="0">
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
             debug="0" resourceName="UserDatabase"/>
      <!-- Global logger unless overridden at lower levels -->
      <Logger className="org.apache.catalina.logger.FileLogger"
              prefix="catalina_log." suffix=".txt"
              timestamp="true"/>
      <!-- Developer Mode -->
      <Host name="localhost"
            appBase="webapps"
            unpackWARs="false"
            autoDeploy="true"
            deployXML="true"
            deployOnStartup="true">
      </Host>
    </Engine>
  </Service>

  <!-- First IP interface: its own keystore and its own cert -->
  <Service name="Secure-WebDev1">
    <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 7380 -->
    <Connector className="org.apache.coyote.tomcat5.CoyoteConnector"
               port="7380"
               redirectPort="7543"
               address="secure1"/>
    <!-- SSL Connector on port 7543, bound to the secure1 address only -->
    <Connector className="org.apache.coyote.tomcat5.CoyoteConnector"
               port="7543"
               acceptCount="100" scheme="https" secure="true"
               address="secure1">
      <Factory className="org.apache.coyote.tomcat5.CoyoteServerSocketFactory"
               keystoreFile="conf/secure1.keystore"
               clientAuth="false"
               keystorePass="changeit"
               protocol="TLS"
               SSLImplementation="org.apache.tomcat.util.net.jsse.JSSEImplementation"/>
    </Connector>
    <Engine name="Secure-Webdev1" defaultHost="secure1" debug="0">
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
             debug="0" resourceName="UserDatabase"/>
      <!-- Global logger unless overridden at lower levels -->
      <Logger className="org.apache.catalina.logger.FileLogger"
              prefix="catalina_log." suffix=".txt"
              dir="secure1/logs"
              timestamp="true"/>
      <!-- Developer Mode -->
      <Host name="secure1"
            appBase="secure1/webapps"
            unpackWARs="false"
            autoDeploy="true"
            deployXML="true"
            deployOnStartup="true">
        <!--
        <Valve className="org.apache.catalina.authenticator.SingleSignOn"
               debug="0"/>
        -->
      </Host>
    </Engine>
  </Service>

  <!-- Second IP interface: separate keystore, separate cert -->
  <Service name="Secure-WebDev2">
    <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 7380 -->
    <Connector className="org.apache.coyote.tomcat5.CoyoteConnector"
               port="7380"
               redirectPort="7543"
               address="secure2"/>
    <!-- SSL Connector on port 7543, bound to the secure2 address only -->
    <Connector className="org.apache.coyote.tomcat5.CoyoteConnector"
               port="7543"
               scheme="https" secure="true"
               address="secure2">
      <Factory className="org.apache.coyote.tomcat5.CoyoteServerSocketFactory"
               keystoreFile="conf/secure2.keystore"
               clientAuth="false"
               keystorePass="changeit2"
               protocol="TLS"
               SSLImplementation="org.apache.tomcat.util.net.jsse.JSSEImplementation"/>
    </Connector>
    <Engine name="Secure-Webdev2" defaultHost="secure2" debug="0">
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
             debug="0" resourceName="UserDatabase"/>
      <!-- Global logger unless overridden at lower levels -->
      <Logger className="org.apache.catalina.logger.FileLogger"
              prefix="catalina_log." suffix=".txt"
              dir="secure2/logs"
              timestamp="true"/>
      <!-- Developer Mode -->
      <Host name="secure2"
            appBase="secure2/webapps"
            unpackWARs="false"
            autoDeploy="true"
            deployXML="true"
            deployOnStartup="true">
        <!--
        <Valve className="org.apache.catalina.authenticator.SingleSignOn"
               debug="0"/>
        -->
      </Host>
    </Engine>
  </Service>

</Server>
I hope this helps
Peter
--
http://tomcat.objektpark.org/
Bill Barker wrote:
>IMHO, using separate keystore files is the easiest option. However, it
>should also be possible to specify which cert to use via the 'keyAlias'
>attribute on the Connector.
>
>"D'Alessandro, Arthur" <[EMAIL PROTECTED]> wrote in message
>news:[EMAIL PROTECTED]
>We'd like to implement a single Tomcat 5 server running multiple IP
>address aliases, each with its own SSL certificate assigned. I do not
>see a configuration option, other than potentially trying to utilize a
>different keystore file (each with its own tomcat alias cert) for each
>virtual host.
>
>Is there an easier way, and has anyone had any success in doing so?
>
>-Arthur
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
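An added example, not part of the thread or of Tomcat itself: a small audit script for the per-address keystore approach discussed above. It reads a server.xml (a constructed sample modelled on Peter's configuration is embedded), lists each SSL connector with its bind address, keystore and keyAlias, and flags the things a reviewer would check: the default keystore password, a missing keyAlias (Bill's suggestion), and two SSL connectors that would collide on the same port because one of them omits address. Service names and file paths in the sample are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the thread's server.xml (not the poster's file):
# two per-address HTTPS connectors plus a third that omits 'address'.
SAMPLE_SERVER_XML = """<Server port="7305" shutdown="SHUTDOWN">
  <Service name="Secure-WebDev1">
    <Connector port="7380" redirectPort="7543" address="secure1"/>
    <Connector port="7543" scheme="https" secure="true" address="secure1">
      <Factory keystoreFile="conf/secure1.keystore" keystorePass="changeit"
               clientAuth="false" protocol="TLS"/>
    </Connector>
  </Service>
  <Service name="Secure-WebDev2">
    <Connector port="7543" scheme="https" secure="true" address="secure2">
      <Factory keystoreFile="conf/secure2.keystore" keystorePass="changeit2"
               keyAlias="secure2" clientAuth="false" protocol="TLS"/>
    </Connector>
  </Service>
  <Service name="Catchall">
    <Connector port="7543" scheme="https" secure="true">
      <Factory keystoreFile="conf/all.keystore" keystorePass="s3cret" keyAlias="all"/>
    </Connector>
  </Service>
</Server>"""

def audit_ssl_connectors(xml_text):
    """One dict per SSL connector: bind address, keystore settings and findings."""
    rows = []
    for service in ET.fromstring(xml_text).iter("Service"):
        for conn in service.iter("Connector"):
            if conn.get("secure") != "true":
                continue
            attrs = dict(conn.attrib)
            factory = conn.find("Factory")
            if factory is not None:   # Tomcat 5.0 style: SSL settings live on <Factory>
                attrs.update(factory.attrib)
            findings = []
            if not attrs.get("keystoreFile"):
                findings.append("no keystoreFile (defaults to ~/.keystore)")
            if attrs.get("keystorePass", "changeit") == "changeit":
                findings.append("keystorePass is the well-known default")
            if not attrs.get("keyAlias"):
                findings.append("no keyAlias: the keystore's first usable key is served")
            rows.append({"service": service.get("name"), "address": attrs.get("address"),
                         "port": attrs.get("port"), "keystoreFile": attrs.get("keystoreFile"),
                         "keyAlias": attrs.get("keyAlias"), "findings": findings})
    # Two connectors collide when they share a port and either binds all interfaces
    # (no address) or both name the same address; the second socket cannot be opened.
    for i, a in enumerate(rows):
        for b in rows[i + 1:]:
            if a["port"] == b["port"] and (None in (a["address"], b["address"])
                                            or a["address"] == b["address"]):
                a["findings"].append("port %s collides with service %s" % (a["port"], b["service"]))
                b["findings"].append("port %s collides with service %s" % (b["port"], a["service"]))
    return rows
```

Run it against a real server.xml by passing the file contents to audit_ssl_connectors and printing each row.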