Re: Virtual Hosts and SSL Certificates

2005-04-28 Thread Mark Thomas
You will need two SSL connectors, one for each host.
Mark
Fritz Schneider wrote:
I am running TC 5.5.8 standalone under Windows XP Pro. I have two domains
coming in to the same IP address, one for production and one for testing.
There are two  elements in my . I have a CA created SSL
certificate for the production domain, but I want to add a self-signed
certificate for the test domain.
My question is: if I import my test certificate with alias tomcat, will that
overwrite my production certificate? Can I import it with a different alias?
If so, how does the SSL Connector find it?
Thanks,
Fritz
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
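
The two-connector layout Mark describes, as an added example that is not part of the thread: a Tomcat 5.5 `server.xml` fragment in which each HTTPS connector reads a different alias from the same keystore. The keystore path, the password placeholder, the alias names, the host names and port 8443 are assumptions; because both domains share one IP address in this setup, the second connector has to listen on a different port.

```xml
<!-- Added example, not from the thread. Paths, password placeholder,
     aliases, host names and ports are assumed values. -->
<Service name="Catalina">

  <!-- Production: CA-issued certificate stored under alias "prod" (assumed name). -->
  <Connector port="443" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="C:/tomcat/conf/hosts.keystore"
             keystorePass="CHANGE_ME"
             keyAlias="prod" />

  <!-- Test: self-signed certificate in the same keystore under alias "test".
       Same IP address as production, so it needs its own port. With a second
       IP address, both connectors could use port 443 and differ only in
       their address="..." attribute. -->
  <Connector port="8443" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="C:/tomcat/conf/hosts.keystore"
             keystorePass="CHANGE_ME"
             keyAlias="test" />

  <!-- Connectors belong to the Service, not to a Host: the certificate is
       fixed per connector, and the Host is chosen afterwards from the HTTP
       Host header. A request for the production name on port 8443 would
       therefore be answered with the self-signed test certificate. -->
  <Engine name="Catalina" defaultHost="www.example.com">
    <Host name="www.example.com" appBase="webapps-prod" />
    <Host name="test.example.com" appBase="webapps-test" />
  </Engine>
</Service>
```

Keystore entries stored under different aliases do not overwrite each other; `keyAlias` tells each connector which entry to present.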




RE: Virtual Hosts and SSL

2004-12-18 Thread Benson Margulies
Some posters misunderstand virtual hosts.

The first step in creating a virtual host is to assign it a unique IP
address and host name. 

The second step is to configure the machine's ethernet adapter to have
several IP addresses. This is done on Unix/Linux by creating additional
devices with the : syntax and on Windows by adding them to the config
dialog box.

The third step is to configure the web server to know about all this.





Re: Virtual Hosts and SSL

2004-12-18 Thread QM
On Fri, Dec 17, 2004 at 09:38:01PM -0700, Daniel Watrous wrote:
: I know that in apache, and I suspect that it is a general rule, an SSL 
: (HTTPS) connection requires a unique IP address.  In other words, virtual 
: hosts do not work with SSL.

Correct.  This is (or at least, should be) true all around: the SSL
negotiation takes place at a lower protocol level than the HTTP request
that specifies which virtual host the client wants to see.  Yet, it's
during the negotiation phase that client software compares the requested
hostname to the CN value of the cert.  

-QM

-- 

software  -- http://www.brandxdev.net
tech news -- http://www.RoarNetworX.com





Re: Virtual Hosts and SSL

2004-12-17 Thread Daniel Watrous
I know that in apache, and I suspect that it is a general rule, an SSL 
(HTTPS) connection requires a unique IP address.  In other words, virtual 
hosts do not work with SSL.

Daniel
- Original Message - 
From: "Mike Kennedy" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, December 17, 2004 3:04 PM
Subject: Virtual Hosts and SSL


Hello,
I can't find anything specific to my question in the FAQs but I'm trying
to set up a tomcat server with virtual hosts using https. I have two ips,
each with its own SSL cert as I understand is necessary for https.
What I want is to have each ip use port 443 with its own document tree
(virtual host) but I cannot seem to get this to work. When I set up an
additional ip to use port 443 I get an error 400 (bad request).
Thanks,
Mike
--
Mike Kennedy
Systems Group, C&C
[EMAIL PROTECTED]
951.827.5922



Re: Virtual Hosts and SSL

2004-12-17 Thread Steven J. Owens
Mike,

On Fri, Dec 17, 2004 at 02:04:43PM -0800, Mike Kennedy wrote:
> I can't find anything specific to my question in the FAQs but I'm trying
> to set up a tomcat server with virtual hosts using https. I have two ips,
> each with its own SSL cert as I understand is necessary for https.
> 
> What I want is to have each ip use port 443 with its own document tree
> (virtual host) but I cannot seem to get this to work. When I set up an
> additional ip to use port 443 I get an error 400 (bad request).

 I'm not sure what you mean by "virtual host".  AFAIK there are
generally two uses of the phrase.  

 The first is to refer to a single web server answering to more
than one domain name _without_ using one IP address per domain name.

 The second is to offer a customer seemingly full access to a
server to run their website, without having one separate physical box
per customer.  Some solutions go all the way and try to make the
customer feel like they have root on the box.  Some solutions just provide
the customer a greater-than-end-user level of access to tweaking the
configuration of their webserver, cgi scripts and database.


 If you're asking the first, I don't know if my recent learning
experience with Apache Virtual hosting will be relevant, but it may
give you some insight into what you're doing.  It may only go for
tomcat used in an apache/modjk/tomcat setup.  Or it may not be at all
relevant to tomcat, whether stand-alone or with apache.

 I recently re-installed my apache server, and in the process set
up apache virtual hosting.  I learned that it's almost impossible to
set up SSL with virtual hosts with apache, you need to use IP-based
hosting if you want to serve multiple domains from one apache
installation via SSL, without any hitches.

 That said, if all you really care about is encrypting the
connection, non-IP based (i.e. virtual) multiple domain hosting is
still tolerable.

 Basically the SSL cert that's served by the server will match the
default virtual host (the first one defined in the configuration).
Requests to the other domains on the SSL port will hit the same SSL
server and get served the SSL cert for the default domain.  The
browser will squawk because the Cert doesn't match the domain.  

 If you're *really* security-conscious, this is a problem, since
there's an opportunity for a man-in-the-middle attack.  Somebody could
slip the browser a bogus Cert and proxy requests to your server,
eavesdropping on them all the while.  But if you're just providing
some encrypted web-access to an application, you may not mind.

 Security is all about trade-offs.

-- 
Steven J. Owens
[EMAIL PROTECTED]

"I'm going to make broad, sweeping generalizations and strong,
 declarative statements, because otherwise I'll be here all night and
 this document will be four times longer and much less fun to read.
 Take it all with a grain of salt." - http://darksleep.com/notablog

