RE: Intalling two SSL certificates

Chris Berthold Thu, 04 May 2006 11:30:08 -0700

Multiple IP addresses is a must to have multiple certificates. I only have
one SSL certificate setup so I'm going based on theory here.  My summation
of what you would need to do is setup two HTTPS connectors with IP based
hosting turned on.  Each keystore needs to be separate.  Don't forget to do
the keystores in the right order too.  Each one will need a copy of the Root
CA Cert and then


<Connector port="8443" address="192.168.0.1"
           maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
           emptySessionPath="true" useIPVHosts="true"
           scheme="https" secure="true" clientAuth="false" 
           keystoreFile="/tomcat/conf/ip1.keystore"
           keystorePass="password" sslProtocol = "TLS" />

<Connector port="8443" address="192.168.0.2"
           maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
           emptySessionPath="true" useIPVHosts="true"
           scheme="https" secure="true" clientAuth="false" 
           keystoreFile="/tomcat/conf/ip2.keystore"
           keystorePass="password" sslProtocol = "TLS" />


In the <Engine> section you would have two hosts setup like so:

<Host name="192.168.0.1"
            autoDeploy="false" deployOnStartup="false" deployXML="false">
...
</Host>

<Host name="192.168.0.2"
            autoDeploy="false" deployOnStartup="false" deployXML="false">
...
</Host>

Chris Berthold
IT Systems Analyst
Commercial Refrigerator Door Company
941 . 371 . 8110 x 205

-----Original Message-----
From: Jorge Isaac Martínez Hatch [mailto:[EMAIL PROTECTED] 
Sent: Thursday, May 04, 2006 1:55 PM
To: users@tomcat.apache.org
Subject: Intalling two SSL certificates

Hi you smart people:

I have:
- One server running Tomcat 5.5 over Windows.
- Two IP addresses.
- Two domains, one for each IP address.
- Two SSL certificates one for each domain.

Goal: Intall two SSL certificates in the same server, but working for two 
different IP addresses and domains.

I tried to install both cerfiticates using the same keysotre and different 
aliases, but it does not work. It make my second certificate to have the 
common name (domain) of the first one.

Should I use different keystores and different aliases? Do I need to make 
any extra configuration to specify which IP is related to every domain? What

about virtual hosts?

Any help on this is welcome, thank you.

Isaac Martinez Hatch 


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Intalling two SSL certificates

Reply via email to