Re: Virtual Hosts and SSL Certificates
You will need two SSL connectors, one for each host.

Mark

Fritz Schneider wrote:
> I am running TC 5.5.8 standalone under Windows XP Pro. I have two domains coming in to the same IP address, one for production and one for testing. There are two elements in my . I have a CA created SSL certificate for the production domain, but I want to add a self-signed certificate for the test domain.
>
> My question is: if I import my test certificate with alias tomcat, will that overwrite my production certificate? Can I import it with a different alias? If so, how does the SSL Connector find it?
>
> Thanks,
> Fritz
RE: Virtual Hosts and SSL
Some posters misunderstand virtual hosts. The first step in creating a virtual host is to assign it a unique IP address and host name. The second step is to configure the machine's ethernet adapter to have several IP addresses. This is done on Unix/Linux by creating additional devices with the : syntax and on Windows by adding them to the config dialog box. The third step is to configure the web server to know about all this.
Re: Virtual Hosts and SSL
On Fri, Dec 17, 2004 at 09:38:01PM -0700, Daniel Watrous wrote:
: I know that in apache, and I suspect that it is a general rule, an SSL
: (HTTPS) connection requires a unique IP address. In other words, virtual
: hosts do not work with SSL.

Correct. This is (or at least, should be) true all around: the SSL negotiation takes place at a lower protocol level than the HTTP request that specifies which virtual host the client wants to see. Yet, it's during the negotiation phase that client software compares the requested hostname to the CN value of the cert.

-QM

--
software -- http://www.brandxdev.net
tech news -- http://www.RoarNetworX.com
Re: Virtual Hosts and SSL
I know that in apache, and I suspect that it is a general rule, an SSL (HTTPS) connection requires a unique IP address. In other words, virtual hosts do not work with SSL.

Daniel

- Original Message -
From: "Mike Kennedy" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, December 17, 2004 3:04 PM
Subject: Virtual Hosts and SSL

Hello,

I can't find anything specific to my question in the FAQs but I'm trying to set up a tomcat server with virtual hosts using https. I have two ips, each with its own SSL cert as I understand is necessary for https.

What I want is to have each ip use port 443 with its own document tree (virtual host) but I cannot seem to get this to work. When I set up an additional ip to use port 443 I get an error 400 (bad request).

Thanks,
Mike

--
Mike Kennedy
Systems Group, C&C
[EMAIL PROTECTED]
951.827.5922
Re: Virtual Hosts and SSL
Mike,

On Fri, Dec 17, 2004 at 02:04:43PM -0800, Mike Kennedy wrote:
> I can't find anything specific to my question in the FAQs but I'm trying
> to set up a tomcat server with virtual hosts using https. I have two ips,
> each with its own SSL cert as I understand is necessary for https.
>
> What I want is to have each ip use port 443 with its own document tree
> (virtual host) but I cannot seem to get this to work. When I set up an
> additional ip to use port 443 I get an error 400 (bad request).

I'm not sure what you mean by "virtual host". AFAIK there are generally two uses of the phrase.

The first is to refer to a single web server answering to more than one domain name _without_ using one IP address per domain name.

The second is to offer a customer seemingly full access to a server to run their website, without having one separate physical box per customer. Some solutions go all the way and try to make the customer feel like they have root on the box. Some solutions just provide the customer a greater-than-end-user level of access to tweaking the configuration of their webserver, cgi scripts and database.

If you're asking the first, I don't know if my recent learning experience with Apache Virtual hosting will be relevant, but it may give you some insight into what you're doing. It may only go for tomcat used in an apache/modjk/tomcat setup. Or it may not be at all relevant to tomcat, whether stand-alone or with apache.

I recently re-installed my apache server, and in the process set up apache virtual hosting. I learned that it's almost impossible to set up SSL with virtual hosts with apache, you need to use IP-based hosting if you want to serve multiple domains from one apache installation via SSL, without any hitches.

That said, if all you really care about is encrypting the connection, non-IP based (i.e. virtual) multiple domain hosting is still tolerable.

Basically the SSL cert that's served by the server will match the default virtual host (the first one defined in the configuration). Requests to the other domains on the SSL port will hit the same SSL server and get served the SSL cert for the default domain. The browser will squawk because the Cert doesn't match the domain.

If you're *really* security-conscious, this is a problem, since there's an opportunity for a man-in-the-middle attack. Somebody could slip the browser a bogus Cert and proxy requests to your server, eavesdropping on them all the while. But if you're just providing some encrypted web-access to an application, you may not mind. Security is all about trade-offs.

--
Steven J. Owens
[EMAIL PROTECTED]

"I'm going to make broad, sweeping generalizations and strong, declarative statements, because otherwise I'll be here all night and this document will be four times longer and much less fun to read. Take it all with a grain of salt." - http://darksleep.com/notablog
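
The ordering described in this thread, as an added Python model that is not part of any poster's message or of Tomcat or Apache: the certificate is picked from the listening address before the Host header is sent, and the client then compares names. The host names, addresses, document roots and function names are constructed for illustration, the model assumes TLS without SNI, and the wildcard rule in `cert_matches` goes beyond the plain CN comparison the posters mention.

```python
# Model of the ordering the thread describes (TLS without SNI): the server
# commits to a certificate when the connection is accepted, before any HTTP
# Host header exists. All names and addresses are constructed samples.

def cert_matches(cert_names, hostname):
    """Client-side check of the requested name against the certificate."""
    host = hostname.lower().rstrip(".")
    for name in (n.lower() for n in cert_names):
        if name == host:
            return True
        # A wildcard stands for exactly one left-most label.
        if name.startswith("*.") and "." in host \
                and host.split(".", 1)[1] == name[2:]:
            return True
    return False

def https_request(hostname, dns, listeners, vhosts, ignore_warning=False):
    """Walk one HTTPS request through the steps in protocol order."""
    ip = dns[hostname]                            # 1. client resolves the name
    cert_names = listeners[(ip, 443)]             # 2. cert chosen by socket only
    name_ok = cert_matches(cert_names, hostname)  # 3. client verifies the name
    # 4. The Host header is sent only if the client goes on with the session.
    proceeds = name_ok or ignore_warning
    docroot = vhosts[hostname] if proceeds else None
    return {"cert": cert_names[0], "name_ok": name_ok, "docroot": docroot}

VHOSTS = {"www.example.test": "/srv/prod", "test.example.test": "/srv/test"}

# Name-based: both names resolve to one address, so one certificate serves both.
NAME_DNS = {"www.example.test": "192.0.2.10", "test.example.test": "192.0.2.10"}
NAME_LISTENERS = {("192.0.2.10", 443): ["www.example.test"]}

# IP-based: one address, and therefore one certificate, per host name.
IP_DNS = {"www.example.test": "192.0.2.10", "test.example.test": "192.0.2.11"}
IP_LISTENERS = {("192.0.2.10", 443): ["www.example.test"],
                ("192.0.2.11", 443): ["test.example.test"]}

if __name__ == "__main__":
    for label, dns, lst in (("name-based", NAME_DNS, NAME_LISTENERS),
                            ("ip-based", IP_DNS, IP_LISTENERS)):
        for host in VHOSTS:
            print(label, host, https_request(host, dns, lst, VHOSTS))
```

With `ignore_warning=True` the request completes against a certificate the client could not tie to the requested name, which is the trade-off the last message weighs.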