2016-12-20 17:09 GMT+01:00 Gregory Orciuch <g.orci...@gmail.com>: > Hi, > > we have been solving this kind of issues placing a SSL terminating > load-balancer before CXF instances; > Also we considered in-app SSL certficates as not good idea because of > managing troubles and revocation troubles, and validity checking troubles; > > Cheers, > Gregory > > 2016-12-20 16:56 GMT+01:00 dkundo <dku...@yahoo.com>: > >> Hi, >> my server is listening on multiple IP addresses, and according to the IP >> client has opened a connection to, a different server certificate should be >> presented (it's a multi-tenant application where each tenant connects to >> its >> own IP address). >> If I understand correctly I need to implement my own KeyManager, holding >> multiple certificates and choosing the right one based on the connections' >> destination IP, but I'd appreciate a confirmation that this is the right >> thing to do, and also get some code examples / instructions. >>
I'd use a server with SNI support + virtual hosts I think Tomcat 8+ do it Or you could use a frontend with SNI support, like HAProxy , and to terminate SSL connection here ( like the latter answer ) >> it's a stand-alone application. >> Using CXF 3.1.0 >> The CXF configuration is done with Spring. >> >> Thanks you >> >> >> >> >> >> >> -- >> View this message in context: http://cxf.547215.n5.nabble. >> com/How-CXF-SOAP-server-can-present-a-different-certificate-to-different- >> clients-tp5775940.html >> Sent from the cxf-user mailing list archive at Nabble.com. >>
