Suppose a webapp, "foo.war", is deployed to a single standalone Tomcat instance, installed in c:\tomcat, on a single host whose IP address is 1.2.3.4. There are a half-dozen hostnames that resolve to 1.2.3.4, including www.foo.com, www.bar.net, and www.boom.org. No distinction is made among the various hostnames... virtual hosting isn't being used. As long as the user makes a request to a hostname that resolves to 1.2.3.4, Tomcat is happy to serve the request.
Is there any way to associate three SSL certificates with it -- one for www.foo.com, one for www.bar.net, and one for www.boom.org, so that requests to https://www.foo.com/foo/page.jsp, https://www.bar.net/foo/page.jsp, and https://www.boom.org/foo/page.jsp will all satisfy both Tomcat *AND* the browser? Note that I'm specifically *NOT* trying to have multiple different sites sharing the same IP address with different hostnames. I know SSL doesn't support that. What I'm trying to do is ensure that regardless of what hostname is used to access the https page, the browser will be presented with a valid certificate so it won't gripe about the certificate's name not matching the site's hostname. I know that the usual obstacle lies with the request header itself being encrypted. However, if that's still the case, why couldn't Tomcat just iterate through all the plausible keys available to it, one at a time, in descending order of likelihood, until it finds one that decrypts it into a valid request & then send the reply with THAT one? To give a real-world analogy, it would kind of be like when a friend asks you to watch his house while he's out of town, hands you a ring with a dozen keys that all look alike, and you have to try them one at a time until you find the one that fits and unlocks the door... Yeah, it would increase the load on the server for requests to that one page, but seeing how the only thing on the entire site that's actually SSL is the login page and the actual number of possible hostnames/keys is fairly small, the performance penalty of brute force doesn't seem like all that big of a deal. Thanks!
