Re: Can Tomcat support multiple SSL certificates for multiple domains?
Ooops, my fault! I've read and replied too fast (maybe because it's Monday? :-)) Of course this shouldn't be done with *two domain names* only with two host names in the same domain... I suppose it won't work in actual browsers but if it does I let you all know... Sorry Jan Hassan Schroeder schrieb: > On Feb 11, 2008 5:00 AM, Jan Mönnich <[EMAIL PROTECTED]> wrote: > >> You can get one certificate with both domain names in the "Subject >> Alternative Name" of the Certificate. All modern browsers can handle that >> and you can use just one Certificate for both domains. That's the >> workaround we are recommending to all of our customers. > > Have you actually seen this deployed? > > I ask because I've only seen Subject Alternative Name used as e.g. > foo.example.com, bar.example.com -- never two *domain* names. > > If that really works, it'd be good to know :-) > -- Dipl.-Inf. (FH) Jan Mönnich, PKI Team Phone: +49 40 808077-632, Fax: +49 40 808077-556, [EMAIL PROTECTED] DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555 Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737 Sachsenstraße 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski 15 Jahre DFN-CERT + 15. DFN-Workshop "Sicherheit in vernetzten Systemen" am 13./14. Februar 2008 im CCH Hamburg - https://www.dfn-cert.de/ws2008/ smime.p7s Description: S/MIME Cryptographic Signature
Re: Can Tomcat support multiple SSL certificates for multiple domains?
On Feb 11, 2008 5:00 AM, Jan Mönnich <[EMAIL PROTECTED]> wrote: > You can get one certificate with both domain names in the "Subject > Alternative Name" of the Certificate. All modern browsers can handle that > and you can use just one Certificate for both domains. That's the > workaround we are recommending to all of our customers. Have you actually seen this deployed? I ask because I've only seen Subject Alternative Name used as e.g. foo.example.com, bar.example.com -- never two *domain* names. If that really works, it'd be good to know :-) -- Hassan Schroeder [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Can Tomcat support multiple SSL certificates for multiple domains?
Hi Dave, there is another possible solution I just wanted to mention here: You can get one certificate with both domain names in the "Subject Alternative Name" of the Certificate. All modern browsers can handle that and you can use just one Certificate for both domains. That's the workaround we are recommending to all of our customers. Greetz Jan Gabe Wong schrieb: > Dave wrote: >> Hi, >> I have one JBoss instance (4.0.5GA) running on Linux. The machine >> has one IP with two domains. >> www.domain1.com >> www.domain2.com >> I have two SSL certificates, one for each domain, imported into >> keystore. >> I need to use both without any warnings from browser >> https://www.domain1.com >> https://www.domain2.com >> Can Tomcat pick the right certificate based on current domain name? >> But according to >> http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html >> keyAlias Add this element if your have more than one key >> in the KeyStore. If the element is not present the first key read in >> the KeyStore will be used. >> How to work around this? >> Thanks for help! >> Dave >> > Refer to the following link: > http://marc.info/?l=tomcat-user&m=120239893800741&w=2 > > For additional info: > http://marc.info/?l=tomcat-user&w=2&r=1&s=ssl&q=b > -- Dipl.-Inf. (FH) Jan Mönnich, PKI Team Phone: +49 40 808077-632, Fax: +49 40 808077-556, [EMAIL PROTECTED] DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555 Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737 Sachsenstraße 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski 15 Jahre DFN-CERT + 15. DFN-Workshop "Sicherheit in vernetzten Systemen" am 13./14. Februar 2008 im CCH Hamburg - https://www.dfn-cert.de/ws2008/ smime.p7s Description: S/MIME Cryptographic Signature
Re: Can Tomcat support multiple SSL certificates for multiple domains?
Dave wrote: Hi, I have one JBoss instance (4.0.5GA) running on Linux. The machine has one IP with two domains. www.domain1.com www.domain2.com I have two SSL certificates, one for each domain, imported into keystore. I need to use both without any warnings from browser https://www.domain1.com https://www.domain2.com Can Tomcat pick the right certificate based on current domain name? But according to http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html keyAlias Add this element if your have more than one key in the KeyStore. If the element is not present the first key read in the KeyStore will be used. How to work around this? Thanks for help! Dave Refer to the following link: http://marc.info/?l=tomcat-user&m=120239893800741&w=2 For additional info: http://marc.info/?l=tomcat-user&w=2&r=1&s=ssl&q=b -- Regards Gabe Wong NGASI AppServer Manager JAVA AUTOMATION and SaaS Enablement http://www.ngasi.com>http://www.ngasi.com NEW! 8.0 - Centrally manage multiple physical servers - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]