no problem
the SSH handshake needs to happen before the HTTPConnection goes live
so if you use 127.0.0.1 or 0.0.0.0 as host in the cert you'll want to use that same IP for virtual-server host (or hosts) attribute

asadmin>stop-domain
make necessary edits to domain.xml
asadmin>start-domain

Martin Gainty 

> Date: Thu, 13 Aug 2009 10:54:19 -0700
> Subject: Re: SSL Using IP Addresses
> From: jsext...@gmail.com
> To: users@tomcat.apache.org
> 
> Hello -
> 
> We do not have permission to create a hosts file entry (that was my
> first idea).
> 
> We also do not need both IP address and host name to work at the same
> time, just the IP address.  Our problem seems to be that the Tomcat
> client wants to find a certificate by hostname, even when the URL
> requested is by IP address, and a certificate has been imported with
> an alias of that IP address.
> 
> I looked at the "a1as" certificate extracted from Glassfish and it
> does indeed have a host name in the CN field.  If this is when it can
> not be used to validate a call by IP address, then why does importing
> it with an alias of the IP address not work for us?
> 
> 
> Thank you, my understanding of this is still weak.
> 
> 
> On Thu, Aug 13, 2009 at 8:47 AM, Ognjen Blagojevic<ogn...@etf.bg.ac.rs> wrote:
> > Jeff Sexton wrote:
> >>
> >> We have a situation where we need to call a SOAP service in a
> >> Glassfish server via HTTPS from a servlet in Tomcat.  We extract a
> >> self-signed certificate from Glassfish and imported it on the Tomcat
> >> server.  It all works in situations where we can use the
> >> fully-qualified host name in the request and in the alias of the
> >> certificate when importing on the Tomcat server.
> >>
> >> But we need to operate in an environment with a name service.  When we
> >> try to use the IP address of the Glassfish server in the HTTPS call
> >> and in the certificate alias, the call fails with a "no subject
> >> alternate name" exception.
> >>
> >> In Glassfish to Glassfish calls, using the IP address works fine.
> >>
> >> Does anyone know how to make an SSL call from a Tomcat server using
> >> the IP address only?  Is it even possible?
> >
> > I'm not 100% sure, but I think it is not possible.
> >
> > Your server certificate has a Common Name (CN) which can match either FQDN
> > (server.company.com) or IP (123.123.123.123) - not both.
> >
> > You can, however, try to work around your inability to contact DNS server by
> > manually inserting the address to the "hosts" file, if you have permission to
> > do that.
> >
> > Regards,
> > Ognjen
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
> >
> 
> 
> 
> -- 
> Jeff Sexton
> http://www.elgintime.com
> 
> 
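
An added example, not part of the original thread: a Python sketch of the HTTPS identity rule from RFC 2818 section 3.1, which is the check behind the "no subject alternate name" exception quoted above. It shows that for a URL containing an IP address only an iPAddress subjectAltName entry is consulted, so neither the CN nor the truststore alias can satisfy it. Certificates are modelled as dicts in the shape of Python's `ssl.SSLSocket.getpeercert()`; the host name and IP values are constructed.

```python
import ipaddress

# Constructed sample certificates (documentation names/addresses, not from the thread).
CN_ONLY = {"subject": ((("commonName", "glassfish.example.com"),),)}
CN_IS_IP = {"subject": ((("commonName", "192.0.2.10"),),)}
WITH_IP_SAN = {
    "subject": ((("commonName", "glassfish.example.com"),),),
    "subjectAltName": (("DNS", "glassfish.example.com"),
                       ("IP Address", "192.0.2.10")),
}


def _common_names(cert):
    """Collect every commonName value from the subject RDN sequence."""
    return [v for rdn in cert.get("subject", ()) for (k, v) in rdn
            if k == "commonName"]


def check_identity(cert, url_host):
    """Return (ok, reason) for the host part of an https URL (exact match only;
    wildcard handling is left out to keep the IP case in focus)."""
    sans = cert.get("subjectAltName", ())
    try:
        wanted_ip = ipaddress.ip_address(url_host)
    except ValueError:
        wanted_ip = None

    if wanted_ip is not None:
        # IP reference: only iPAddress SAN entries count. The CN is never
        # consulted, and a keystore alias is not part of the certificate.
        if not sans:
            return False, "no subject alternative names present"
        ips = [ipaddress.ip_address(v) for (k, v) in sans if k == "IP Address"]
        if wanted_ip in ips:
            return True, "matched iPAddress SAN"
        return False, "no iPAddress SAN matches " + url_host

    # Host name reference: dNSName SANs take precedence; CN is only a fallback.
    dns = [v for (k, v) in sans if k == "DNS"]
    names = dns if dns else _common_names(cert)
    if url_host.lower() in (n.lower() for n in names):
        return True, ("matched dNSName SAN" if dns
                      else "matched CN (legacy fallback)")
    return False, "no name matches " + url_host
```

A certificate that must validate for an IP-based URL therefore has to be reissued with that address in an iPAddress subjectAltName entry.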
