Re: [TC4] multiple certificates

Tue, 21 Nov 2000 22:02:19 -0800


I believe that the different port idea is correct (for any web server - not just tomcat).  

Another point to consider is that if tomcat is used in conjunction with a web server (such as apache or IIS), the web server does all of the SSL stuff for the communication with the browser, so you are stuck with web server limitations that are out of tomcat's control.



--------------------------------------------------------------------------------
Aaron Knauf
Systems Integrator
Genie Systems Ltd
Auckland, New Zealand
Ph. +64-9-573 3310 x812
email: [EMAIL PROTECTED]
http://www.geniesystems.com
--------------------------------------------------------------------------------


"Warner Onstine" <[EMAIL PROTECTED]>

22/11/2000 18:36
Please respond to tomcat-dev

       
        To:        <[EMAIL PROTECTED]>
        cc:        
        Subject:        Re: [TC4] multiple certificates




----- Original Message -----
From: "Craig R. McClanahan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, November 21, 2000 7:43 PM
Subject: Re: [TC4] multiple certificates

> Warner Onstine wrote:
>
> > Hi all,
> > It's been a while since I looked at the SSL stuff and I just received a
> > request which I'm not sure how it would be handled in TC4.  Would it be
> > possible to handle multiple certificates for SSL per servlet?  If this
needs
> > further clarification let me know.
> >
>
> I guess I don't quite get what you are after.
>
> Are you talking about a certificate chain that authenticates an individual
> user?  If so, that is already supported -- the request attribute that you
get is
> an array of certificate objects, with the first one being the certificate
of the
> client principal, and the subsequent ones being the certificates of the
> certificate authorities vouching for the previous certificate in the
chain.
Sure, what we're working with is possibly using different server
certificates for different servlets, is this at all possible? From what I
can tell right now, no.
Basically what I see right now is if we turn on ssl support it uses the
certificate that you specify for each connection from the
SSLServerSocketFactory.  The only way I can see doing this is to specify a
different port for different certificates, correct?
> If that's not what you are after, could you please explain further?
>
>
> Craig
Thanks,
-warner


Reply via email to