Password Input on Tomcat Startup

2008-02-08 Thread Jan Mönnich
Hi folks,

We have a very sensitive webapp that requires the input of a password
when the Tomcat server starts. We don't want to store this password
in a file. One way we've already tested could be the use of a JDialog
with a JPasswordField that is shown in the init() method of a servlet
(1). Unfortunately, this requires our server to run
X11... :-(

Is there any (hidden) way to input this password on the terminal
Tomcat was started from?

Thanks in advance for any idea!
Jan

-- 
Dipl.-Inf. (FH) Jan Mönnich, PKI Team
Phone: +49 40 808077-632, Fax: +49 40 808077-556, [EMAIL PROTECTED]

DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555
Registered office / Register: Hamburg, AG Hamburg, HRB 88805, VAT ID: DE 232129737
Sachsenstraße 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski

15 years of DFN-CERT + 15th DFN Workshop "Sicherheit in vernetzten Systemen"
on 13/14 February 2008 at the CCH Hamburg - https://www.dfn-cert.de/ws2008/




smime.p7s
Description: S/MIME Cryptographic Signature
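
One way to prompt for the secret on the starting terminal without X11, as an added example that is not part of the original post. It assumes Tomcat is started in the foreground (for example `catalina.sh run`) so the JVM still has a terminal; `StartupSecret` and `readFromTerminal` are hypothetical names, and the method would be called from the servlet's init().

```java
import java.io.Console;
import java.util.Arrays;

// Added example: hypothetical helper, not part of Tomcat or the servlet API.
public class StartupSecret {

    // Reads the secret without echo from the terminal the JVM was started
    // from. System.console() returns null when the JVM has no interactive
    // terminal (assumption: that is the case when Tomcat is started in the
    // background with its output redirected to a log file), so this fails
    // closed instead of letting the webapp start with an empty secret.
    public static char[] readFromTerminal(String prompt) {
        Console console = System.console();
        if (console == null) {
            throw new IllegalStateException(
                    "no interactive terminal; refusing to start without the secret");
        }
        char[] secret = console.readPassword("%s", prompt);
        if (secret == null || secret.length == 0) {
            throw new IllegalStateException("no secret entered");
        }
        return secret;
    }

    public static void main(String[] args) {
        char[] secret = readFromTerminal("Webapp password: ");
        try {
            // Use the secret here, e.g. pass it to KeyStore.load(stream, secret).
            System.out.println("secret accepted (" + secret.length + " chars)");
        } finally {
            // char[] instead of String so the value can be wiped after use.
            Arrays.fill(secret, '\0');
        }
    }
}
```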


Re: Can Tomcat support multiple SSL certificates for multiple domains?

2008-02-11 Thread Jan Mönnich
Oops, my fault! I've read and replied too fast (maybe because it's Monday? :-))
Of course this shouldn't be done with *two domain names*, only with
two host names in the same domain... I suppose it won't work in
actual browsers, but if it does I'll let you all know...

Sorry
Jan

Hassan Schroeder wrote:
> On Feb 11, 2008 5:00 AM, Jan Mönnich <[EMAIL PROTECTED]> wrote:
> 
>> You can get one certificate with both domain names in the "Subject
>> Alternative Name" of the Certificate. All modern browsers can handle that
>> and you can use just one Certificate for both domains. That's the
>> workaround we are recommending to all of our customers.
> 
> Have you actually seen this deployed?
> 
> I ask because I've only seen Subject Alternative Name used as e.g.
>  foo.example.com, bar.example.com -- never two *domain* names.
> 
> If that really works, it'd be good to know :-)
> 



Re: Can Tomcat support multiple SSL certificates for multiple domains?

2008-02-11 Thread Jan Mönnich
Hi Dave,

there is another possible solution I just wanted to mention here:
You can get one certificate with both domain names in the "Subject
Alternative Name" of the Certificate. All modern browsers can handle that
and you can use just one Certificate for both domains. That's the
workaround we are recommending to all of our customers.

Greetz
Jan

Gabe Wong wrote:
> Dave wrote:
>> Hi,
>>  I have one JBoss instance (4.0.5GA) running on Linux. The machine
>> has one IP with two domains.
>>   www.domain1.com
>>   www.domain2.com
>>  I have two SSL certificates, one for each domain, imported into
>> keystore.
>>   I need to use both without any warnings from browser
>>   https://www.domain1.com
>>   https://www.domain2.com
>>  Can Tomcat pick the right certificate based on current domain name?
>>  But according to
>>   http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html
>>  keyAlias  Add this element if you have more than one key
>> in the KeyStore. If the element is not present the first key read in
>> the KeyStore will be used.
>>  How to work around this?
>>  Thanks for help!
>>   Dave
>>   
> Refer to the following link:
> http://marc.info/?l=tomcat-user&m=120239893800741&w=2
> 
> For additional info:
> http://marc.info/?l=tomcat-user&w=2&r=1&s=ssl&q=b
> 



Logging in separate Thread

2008-02-14 Thread Jan Mönnich
Hi folks,

We want to log just the domain name a user comes from. As the required
DNS reverse lookup can take some time, we would like to do the lookup
and the logging in a separate thread. Is it a good idea to just start
a new thread for that from a servlet's doPost() method?

Thanks in advance!
 Jan

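
An added example for the question above, not part of the original post: instead of one new thread per request, the reverse lookup is handed to a small bounded pool, so a burst of requests cannot exhaust threads, and the resolved name is sanitised before it is logged. `ReverseDnsLogger`, the pool size and the queue length are assumptions; `logClient` would be called from doPost() with `request.getRemoteAddr()`.

```java
import java.net.InetAddress;
import java.util.concurrent.ArrayBlockingQueue;
import java.util.concurrent.ThreadPoolExecutor;
import java.util.concurrent.TimeUnit;
import java.util.logging.Logger;

// Added example: hypothetical helper, not part of Tomcat or the servlet API.
public class ReverseDnsLogger {
    private static final Logger LOG = Logger.getLogger("access.domain");

    // Two workers and at most 100 queued lookups (assumed values). When the
    // queue is full, new lookups are dropped instead of spawning more
    // threads or blocking the request thread.
    private final ThreadPoolExecutor pool = new ThreadPoolExecutor(
            2, 2, 0L, TimeUnit.SECONDS,
            new ArrayBlockingQueue<Runnable>(100),
            new ThreadPoolExecutor.DiscardPolicy());

    // PTR records are set by whoever controls the address block, so keep
    // only hostname characters before the value reaches the log file.
    static String sanitize(String host) {
        String clean = host.replaceAll("[^A-Za-z0-9.:-]", "_");
        return clean.length() > 255 ? clean.substring(0, 255) : clean;
    }

    // Returns immediately; the slow lookup runs on a pool thread.
    public void logClient(final String remoteAddr) {
        pool.execute(new Runnable() {
            public void run() {
                try {
                    // An IP literal is parsed without a name lookup; the
                    // reverse lookup happens in getCanonicalHostName().
                    InetAddress addr = InetAddress.getByName(remoteAddr);
                    LOG.info("client=" + sanitize(addr.getCanonicalHostName()));
                } catch (Exception e) {
                    LOG.warning("lookup failed for " + sanitize(remoteAddr));
                }
            }
        });
    }

    // Call from the servlet's destroy() so workers do not outlive the webapp.
    public void shutdown() {
        pool.shutdownNow();
    }

    public static void main(String[] args) throws Exception {
        ReverseDnsLogger logger = new ReverseDnsLogger();
        logger.logClient("127.0.0.1"); // constructed sample address
        logger.pool.shutdown();        // let the queued lookup finish
        logger.pool.awaitTermination(10, TimeUnit.SECONDS);
    }
}
```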