-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Raffaele,
Raffaele wrote: > Inside server.xml, I have decommented the xml fragment about https, but I > have noticed studying a little the documentation that through keyAlias > attribute I can specify a specific alias to be used as valid certificate. > > My question is, How should I configure server.xml (or other things) to use > different certificates with different web apps? Typically, certificates are bound to domain names, not web applications. Are you saying that you want to have multiple virtual hosts, each with separate certificates? I don't believe that's possible, not even with any other server. The problem is that the client contacts a particular port (usually 443 for HTTPS) and is immediately presented with the server's certificate (before any other information is transmitted). Since virtual hosting works by having the server sniff the client's "Host" HTTP header, there's no time to read that header before the certificate needs to be presented to the client. Basically, if you want more than one cert, you need more than one port listening for HTTPS requests, each with the appropriate cert configured for each. The same is true for Apache, IIS, etc. -- it's an issue with the protocol, not the implementation. Sorry, - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHSxiV9CaO5/Lv0PARAoemAKC3lZsYpiUxPl/e5AoFih0s+cfT+ACguiI5 3XIyGrscaN9klxk40bkrrp4= =wphr -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
