From: Dave [mailto:[EMAIL PROTECTED]
the
machine has one IP address. But there are two top-level
domains (not subdomains) mapping to the ip address.
www.domain1.com
www.domain2.com
I need to setup SSL. As far as I know, SSL certificate is
set up for one domain only. Using the different domains will
get a security warning from web browser. (domain name does not match)
Can SSL certificate be ip address based? Or Tomcat support
SSL multiple domains(prevent warnings from browser)?
Tomcat can support multiple SSL domains. *But* there is a fundamental point
about SSL: the secure connection is negotiated before the HTTP host header is
sent. That means that _no web server, of any kind, can successfully host SSL
for multiple domains on the same port on the same IP address_.
You have two possible workarounds:
- Get a second IP address assigned to the machine. This is often easier than
it sounds. Map one domain to each IP address, and bind each of your two SSL
connectors to one IP. At this point, everything Just Works for the user.
- Run SSL for one domain on port 443, and for the other domain on a different
port - say 8443. This gives a slightly messy user experience, as you have
https://www.domain1.com but https://www.domain2.com:8443.
This is a limitation of SSL; it is not Tomcat-specific.
- Peter
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]