Hi Nikko,

I assume that you really want 2 connectors with 2 different key stores, not 2 different trust stores.
If you have 2 ip addresses then it's easy - define 2 connectors and use their address attribute to assign each connector one ip address. If you have only 1 ip address then you might have a problem.

The problem with name based virtual hosts under https/ssl is that the ssl handshake (which involves the server sending a certificate for some domain) happens after the tcp/ip connection is established - before the HOST part of the http request can be read. So if you had 2 different https virtual domains on the same ip:port, the server wouldn't know which certificate to send just after a tcp/ip connection was established, because it must decide what certificate to send based on information which is inside the HTTP request, which can be read only after establishing an ssl connection. This is a general problem, not just Tomcat specific.

Maybe if your domains are really similar to host1.myhost.com and host2.myhost.com you could use a wildcard certificate (*.myhost.com), or if you are using a self-signed certificate and want just https encryption and not server verification - then you could use 1 Tomcat connector.

And btw if you are defining an https connector in tomcat you are using a key store - a trust store is used when you verify client certificates when you set clientAuth="true", which is rare.

On Tue, Mar 8, 2011 at 1:57 PM, Nikko Nikko <nikk....@gmail.com> wrote:

> Hi,
>
> Is it possible to define 2 SSL connectors for 2 different virtual
> domains? For example I want to define 2 virtual hosts: “host1.myhost.com”
> and “host2.myhost.com” and want to have a different trust store for each of
> them. I want to run them in one and the same Tomcat instance.
>
> Best regards,
> Nikko.

--
Why? Because YES!
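
Added example, not part of the original message: a sketch of the two-IP setup the reply describes, as a `server.xml` fragment with one connector per address and one key store per connector. The IP addresses, keystore paths, passwords and `appBase` directories are constructed placeholders.

```xml
<!-- Added illustration; addresses, paths and passwords are placeholders. -->
<Service name="Catalina">

  <!-- host1.myhost.com resolves to 192.0.2.10: this connector presents
       the certificate stored in host1's key store. -->
  <Connector protocol="HTTP/1.1" address="192.0.2.10" port="443"
             SSLEnabled="true" scheme="https" secure="true"
             keystoreFile="conf/host1.keystore" keystorePass="CHANGE_ME_1"
             clientAuth="false" sslProtocol="TLS" />

  <!-- host2.myhost.com resolves to 192.0.2.11: same port, different
       address, different key store. -->
  <Connector protocol="HTTP/1.1" address="192.0.2.11" port="443"
             SSLEnabled="true" scheme="https" secure="true"
             keystoreFile="conf/host2.keystore" keystorePass="CHANGE_ME_2"
             clientAuth="false" sslProtocol="TLS" />

  <!-- truststoreFile / truststorePass are only needed on a connector
       that sets clientAuth="true" to verify client certificates. -->

  <!-- Both connectors feed the same Engine; the Host is still selected
       from the HTTP Host header after the handshake has completed. -->
  <Engine name="Catalina" defaultHost="host1.myhost.com">
    <Host name="host1.myhost.com" appBase="webapps-host1"
          unpackWARs="true" autoDeploy="true" />
    <Host name="host2.myhost.com" appBase="webapps-host2"
          unpackWARs="true" autoDeploy="true" />
  </Engine>

</Service>
```

The certificate is chosen by the address the client connected to, so DNS for each name must point at the matching address; a request for host2.myhost.com that arrives on 192.0.2.10 is still served by the host2 `Host`, but under host1's certificate, which clients will report as a name mismatch.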