Wait a second...Tomcat will determine which cert to send down based upon
the IP address that the browser went to?  I guess that makes sense...so
does the web server never get to see what domain the browser was looking
up to come to the site, or is that info available?  

I'm just trying to figure out if there's a way to run the website for a
limited time with 2 domains and 2 certs--I mean, the 2 domains, each
with their own cert, but with one single public IP address.  We have a
BIG-IP load balancer in front of our Tomcat servers...so do our Tomcat
servers still see the public IP address that was used to reach them?  I
ask because those boxes only have private IPs, and the load balancer has
the only public IP.  

If there's no way to do it, then I guess we just arbitrarily switch at
some point and don't worry about the people using the old domain seeing
invalid certificate messages...




----- Original message -----
From: "Steffen Heil" <[EMAIL PROTECTED]>
To: "'Tomcat Users List'" <[email protected]>
Date: Sat, 5 Feb 2005 01:26:00 +0100
Subject: AW: certificate question for 2 domains pointing to same website

Hi

> If we do this and get that new certificate into the keystore 
> used by our Tomcat 4, will everything be fine, or will Tomcat 
> present 2 certificates to users accessing the site?  I mean, 
> will it correctly present the certificate for the old domain 
> to the user when they go to the old domain, and the new 
> certificate to those entering via the new domain?

No.
This is impossible.
The information which domain is used is already encrypted.

So if you need 2 certs, you need 2 IPs.
If you configure 2 IPs with 2 connectors and 2 certs, everything is
fine.

Regards,
  Steffen
