Actually, you can as far as I know. What is required is a dedicated IP per virtual host.
In the tomcat configuration you would add a SSL <Connector /> per virtual host, on port 443 (for example) eah bound to a separate IP - each with its own keystore - containing the cert for the relevant virtual host. This should be done in a separate Tomcat <Service /> and <Engine />. Example: <Service name="SSLHosts"> <!-- SSLHOST PUBLIC SITE HTTPS CONNECTOR --> <Connector port="443" address="192.168.128.199" maxPostSize="0" maxThreads="500" minSpareThreads="10" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" debug="0" scheme="https" secure="true" clientAuth="false" keystoreFile="D:\certs\www.ssl.com.key" keystorePass="passwd" keystoreType="JKS" sslProtocol="TLS" /> <!-- SSLHOST2 PUBLIC SITE HTTPS CONNECTOR --> <Connector port="443" address="192.168.128.200" maxPostSize="0" maxThreads="500" minSpareThreads="10" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" debug="0" scheme="https" secure="true" clientAuth="false" keystoreFile="D:\certs\www.ssl2.com.key" keystorePass="passwd" keystoreType="JKS" sslProtocol="TLS" /> <Engine name="SSLHosts" defaultHost="notfound"> <Logger className="org.apache.catalina.logger.FileLogger" /> <Host name="notfound"> <Context path="" docBase="D:\notfound" reloadable="false" /> </Host> <!-- SSLHOST PUBLIC SITE HOST BLOCK --> <Host name="www.ssl.com" deployOnStartup="false" autoDeploy="false" > <Valve className="org.apache.catalina.valves.AccessLogValve" directory="D:\logs\SSLHost" prefix="www.ssl.com" suffix="_tomcat.log" pattern="common" resolveHosts="false" rotatable="false" /> <Context path="" docBase="D:\www\SSLHost\ROOT" reloadable="true" /> <Context path="/userimages" docBase="D:\www\SSLHost\userimages" /> </Host> <!-- SSLHOST2 PUBLIC SITE HOST BLOCK --> <Host name="www.ssl2.com" deployOnStartup="false" autoDeploy="false" > <Valve className="org.apache.catalina.valves.AccessLogValve" directory="D:\logs\SSLHost2" prefix="www.ssl2.com" suffix="_tomcat.log" pattern="common" resolveHosts="false" rotatable="false" /> <Context path="" docBase="D:\www\SSLHost2\ROOT" reloadable="true" /> <Context path="/userimages" docBase="D:\www\SSLHost2\userimages" /> </Host> </Engine> </Service> Hope that helps. Regards, Carl -----Original Message----- From: Graham Leggett [mailto:[EMAIL PROTECTED] Sent: 15 July 2004 10:49 AM To: Tomcat Users List Subject: Re: can a virtual host have its own privatly used SSL certificate? Guy Katz wrote: > i am going to put my application in a shared hosting solution which > does not provide any shared SSL support. > is it possible to buy and put a SSL certificate in the scope of my > virtual host in the hosting company. (i mean is it technically > possible - disregarding the hosting company policy). Technical short answer: no. Regards, Graham -- --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]