Actually, you can as far as I know.

What is required is a dedicated IP per virtual host.

In the Tomcat configuration you would add an SSL <Connector /> per virtual
host, on port 443 (for example), each bound to a separate IP - each with its
own keystore - containing the cert for the relevant virtual host.

This should be done in a separate Tomcat <Service /> and <Engine />.

Example:

<Service name="SSLHosts">

        <!-- SSLHOST PUBLIC SITE HTTPS CONNECTOR -->
        <Connector port="443" address="192.168.128.199"
                   maxPostSize="0" maxThreads="500" minSpareThreads="10" maxSpareThreads="75"
                   enableLookups="false" disableUploadTimeout="true" acceptCount="100"
                   debug="0" scheme="https" secure="true" clientAuth="false"
                   keystoreFile="D:\certs\www.ssl.com.key" keystorePass="passwd"
                   keystoreType="JKS" sslProtocol="TLS" />

        <!-- SSLHOST2 PUBLIC SITE HTTPS CONNECTOR -->
        <Connector port="443" address="192.168.128.200"
                   maxPostSize="0" maxThreads="500" minSpareThreads="10" maxSpareThreads="75"
                   enableLookups="false" disableUploadTimeout="true" acceptCount="100"
                   debug="0" scheme="https" secure="true" clientAuth="false"
                   keystoreFile="D:\certs\www.ssl2.com.key" keystorePass="passwd"
                   keystoreType="JKS" sslProtocol="TLS" />

        <Engine name="SSLHosts" defaultHost="notfound">

                <Logger className="org.apache.catalina.logger.FileLogger" />

                <Host name="notfound">
                        <Context path="" docBase="D:\notfound" reloadable="false" />
                </Host>

                <!-- SSLHOST PUBLIC SITE HOST BLOCK -->
                <Host name="www.ssl.com" deployOnStartup="false" autoDeploy="false" >
                        <Valve className="org.apache.catalina.valves.AccessLogValve"
                               directory="D:\logs\SSLHost" prefix="www.ssl.com" suffix="_tomcat.log"
                               pattern="common" resolveHosts="false" rotatable="false" />
                        <Context path="" docBase="D:\www\SSLHost\ROOT" reloadable="true" />
                        <Context path="/userimages" docBase="D:\www\SSLHost\userimages" />
                </Host>

                <!-- SSLHOST2 PUBLIC SITE HOST BLOCK -->
                <Host name="www.ssl2.com" deployOnStartup="false" autoDeploy="false" >
                        <Valve className="org.apache.catalina.valves.AccessLogValve"
                               directory="D:\logs\SSLHost2" prefix="www.ssl2.com" suffix="_tomcat.log"
                               pattern="common" resolveHosts="false" rotatable="false" />
                        <Context path="" docBase="D:\www\SSLHost2\ROOT" reloadable="true" />
                        <Context path="/userimages" docBase="D:\www\SSLHost2\userimages" />
                </Host>

        </Engine>
</Service>

Hope that helps.

Regards,

Carl

-----Original Message-----
From: Graham Leggett [mailto:[EMAIL PROTECTED] 
Sent: 15 July 2004 10:49 AM
To: Tomcat Users List
Subject: Re: can a virtual host have its own privatly used SSL certificate?

Guy Katz wrote:

> I am going to put my application in a shared hosting solution which 
> does not provide any shared SSL support.
> Is it possible to buy and put an SSL certificate in the scope of my 
> virtual host in the hosting company. (I mean is it technically 
> possible - disregarding the hosting company policy).

Technical short answer: no.

Regards,
Graham
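
Added example (not part of the original thread and not Tomcat's own code): a small Python check for the layout Carl describes, where each HTTPS <Connector /> is bound to its own IP and has its own keystore. The function name lint_ssl_connectors and both sample fragments are constructed for illustration; the addresses and keystore paths are the ones used in the config above.

```python
import xml.etree.ElementTree as ET

def lint_ssl_connectors(service_xml):
    """Return findings where HTTPS connectors break the one-IP-per-certificate layout."""
    findings = []
    service = ET.fromstring(service_xml)
    name = service.get("name", "?")
    seen_binds, seen_keystores = set(), set()
    for conn in service.findall("Connector"):
        if conn.get("scheme") != "https":
            continue  # only TLS connectors matter here
        port = conn.get("port", "?")
        addr = conn.get("address")
        keystore = conn.get("keystoreFile")
        if addr is None:
            # No address attribute: the connector listens on every local IP,
            # so one certificate would answer for all virtual hosts.
            findings.append(f"{name}: port {port} connector has no address")
            addr = "*"
        if (addr, port) in seen_binds:
            findings.append(f"{name}: {addr}:{port} is bound by more than one connector")
        seen_binds.add((addr, port))
        if keystore and keystore in seen_keystores:
            findings.append(f"{name}: keystore {keystore} is shared between connectors")
        seen_keystores.add(keystore)
    return findings

# Constructed samples, trimmed from the layout in the message above.
GOOD = r"""<Service name="SSLHosts">
  <Connector port="443" address="192.168.128.199" scheme="https" secure="true"
             keystoreFile="D:\certs\www.ssl.com.key" />
  <Connector port="443" address="192.168.128.200" scheme="https" secure="true"
             keystoreFile="D:\certs\www.ssl2.com.key" />
</Service>"""

BAD = r"""<Service name="SSLHosts">
  <Connector port="443" address="192.168.128.199" scheme="https"
             keystoreFile="D:\certs\www.ssl.com.key" />
  <Connector port="443" address="192.168.128.199" scheme="https"
             keystoreFile="D:\certs\www.ssl.com.key" />
  <Connector port="443" scheme="https" keystoreFile="D:\certs\www.ssl2.com.key" />
</Service>"""

if __name__ == "__main__":
    for label, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, lint_ssl_connectors(sample) or "ok")
```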