https://bz.apache.org/bugzilla/show_bug.cgi?id=57108

--- Comment #11 from Christopher Schultz <ch...@christopherschultz.net> ---
(In reply to Unlogic from comment #10)
> Well this is a bit tricky because there are two sides to this coin.
> 
> In some cases you have wildcard certificates or subject alternative name
> certificates that cover lots of domains. In those cases the current connector
> based approach works fine.

We have to continue to support the current connector configuration, anyway. I
figured that whatever configuration the <Connector> had would be the default
for all of the hosts. In that case, you'd probably want to put the wildcard
cert, etc. on the <Connector> and do nothing special for each host.

> A trade-off between the two solutions could be to define the keystores using
> a separate element in the config like when you define a connection pool. And
> then make it possible for both the connectors, hosts and aliases to refer
> back to the defined keystores depending on the use case.
> 
> Here's an example:
> 
>    <Keystore
>          name="firstKeystore"
>          truststoreFile="..." (and other truststore attributes)
>          keystoreFile="..." (and other keystore attributes)
>          [other allowed configuration attributes]>


This is pretty much what my <TLSAlias> proposal was, except that they would be
explicitly-referenced from <Connector> and/or <Host> instead of being nested
within.
