I don't have a server set up with multiple certificates right now, so I can't give you 
a snippet from a server.xml file.  It would look something like this though:
 
<Server.....>
  <Service .....name="Tomcat-Standalone" ....>
    <!-- One Connector per IP address, each pointing at its own keystore -->
    <Connector ..... address="192.168.1.1" scheme="https" port="8443" ....>
      <Factory ... keystoreFile="/home/tomcat/www.domainone.com/.keystore" keystorePass="changeit" ...../>
    </Connector>
    <Connector ..... address="192.168.1.2" scheme="https" port="8443" ....>
      <Factory ... keystoreFile="/home/tomcat/www.domaintwo.com/.keystore" keystorePass="changeit" ...../>
    </Connector>
  </Service>
</Server>
 
I've only done this with standalone Tomcat.   Note that you've got to have different 
IPs (which can be on the same or different network cards).  Of course the location of 
the keystore file and the password are up to you.  
 
I've found this article very helpful - although it doesn't deal with SSL specifically, 
it gives you a lot of good tips that I used to make this multiple SSL certificate 
thing work.  
http://www-106.ibm.com/developerworks/linux/library/l-secjav.html
 
Roman
 

        -----Original Message----- 
        From: Rich P [mailto:[EMAIL PROTECTED] 
        Sent: Tue 6/3/2003 1:41 PM 
        To: Tomcat Users List 
        Cc: 
        Subject: RE: Multiple SSL cert for Tomcat
        
        

        Hi Roman,
        
        Is it possible to paste a sample of your server.xml
        with -
        Define multiple Connectors for the SSL port, each
        > with a distinct IP address AND distinct keystore
        > file
        
        Thanks
        --- Roman Fail <[EMAIL PROTECTED]> wrote:
        > You can have multiple SSL certificates.  They cannot
        > be on the same IP address (although you can use the
        > same port number on different IPs).  Since the HTTP
        > header is encrypted within the transmission, the
        > requested domain name can't be determined until
        > after decryption - so it wouldn't know which SSL
        > certificate to use for decryption. 
        > 
        > The way I've done it:
        >  - Separate IP addresses for each distinct domain
        > name/SSL cert combination
        >  - Define multiple Connectors for the SSL port, each
        > with a distinct IP address AND distinct keystore
        > file
        >  - Each keystore file has an individual SSL
        > certificate stored in it (with key name 'tomcat') 
        > 
        > Hope this helps.
        > 
        > Roman
        >
        >       -----Original Message-----
        >       From: Rich P [mailto:[EMAIL PROTECTED]
        >       Sent: Tue 6/3/2003 12:04 PM
        >       To: [EMAIL PROTECTED]
        >       Cc:
        >       Subject: Multiple SSL cert for Tomcat
        >      
        >      
        >
        >       All,
        >      
        >       From reading the SSL howto, it looks like I can have
        >       multiple SSL cert with different passwd (if needed) in
        >       the same keystore file.
        >      
        >       Situation,
        >      
        >       1 server, common web application - 2 gua with 2
        >       different URL's (each with their own ssl cert)
        >      
        >       Questions,
        >      
        >       1. Can I serve both sites from one port (8443)
        >       2. Do I need to define multiple service containers per
        >       URL
        >      
        >      
        >       TIA
        >      
        >      
        >
        >
        
        
        

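An offline check for the layout described in this thread, added here as an example (not code from the original posts or from Tomcat): it parses a server.xml in the Connector/Factory form sketched above and flags HTTPS connectors that repeat an address and port, omit the address on a shared port, reuse a keystore file, or keep the default `changeit` password. The function name, issue labels and sample values are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

DEFAULT_PASS = "changeit"  # stock keystore password, as used in the thread's sketch

# Constructed sample (not a real deployment), in the Connector/Factory layout from the thread.
SAMPLE = """<Server><Service name="Tomcat-Standalone">
  <Connector address="192.168.1.1" scheme="https" port="8443">
    <Factory keystoreFile="/home/tomcat/www.domainone.com/.keystore" keystorePass="changeit"/>
  </Connector>
  <Connector address="192.168.1.2" scheme="https" port="8443">
    <Factory keystoreFile="/home/tomcat/www.domainone.com/.keystore" keystorePass="constructed-2"/>
  </Connector>
  <Connector scheme="https" port="8443">
    <Factory keystoreFile="/home/tomcat/www.domainthree.com/.keystore" keystorePass="constructed-3"/>
  </Connector>
  <Connector scheme="http" port="8080"/>
</Service></Server>"""

def audit_ssl_connectors(server_xml):
    """Return sorted (endpoint, issue) pairs for the HTTPS connectors in a server.xml string."""
    https = [c for c in ET.fromstring(server_xml).iter("Connector")
             if c.get("scheme") == "https"]
    ports = Counter(c.get("port") for c in https)
    endpoints = Counter((c.get("address"), c.get("port")) for c in https)
    stores = Counter(f.get("keystoreFile") for c in https
                     for f in c.findall("Factory") if f.get("keystoreFile"))
    findings = set()
    for c in https:
        addr, port = c.get("address"), c.get("port")
        name = f"{addr or '*'}:{port}"
        factory = c.find("Factory")
        store = factory.get("keystoreFile") if factory is not None else None
        if addr is None and ports[port] > 1:
            # No address means "bind every interface", which collides with the others.
            findings.add((name, "no-address-on-shared-port"))
        if endpoints[(addr, port)] > 1:
            findings.add((name, "duplicate-endpoint"))
        if store is None:
            findings.add((name, "no-keystoreFile"))
        elif stores[store] > 1:
            # Same keystore on two IPs: both would present the same certificate.
            findings.add((name, "shared-keystore"))
        if factory is not None and factory.get("keystorePass") == DEFAULT_PASS:
            findings.add((name, "default-keystorePass"))
    return sorted(findings)

if __name__ == "__main__":
    for endpoint, issue in audit_ssl_connectors(SAMPLE):
        print(endpoint, issue)
```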