> From: Andrés González [mailto:[EMAIL PROTECTED]
> I mean, what are you saying? That tomcat can only have 1 ssl
> certificate per IP address, or that it is a "general" limitation of
> the architecture of SSL certificates.

It is a general limitation of SSL. To be strict: you can only have one certificate per *endpoint*, that is, IP address/port combination.

The reason is that the negotiation of the encrypted connection is done *before* the host header is sent. Therefore the server has to deduce which certificate to send without knowing which Web site the client wishes to access. Therefore the server always sends the one certificate that you have associated with that endpoint.

If you don't mind URLs of the form https://myserver.example:8443/somepage then you can have multiple certificates per IP address, and indeed per Tomcat. But the sites need to be served on different ports.

- Peter