On 29/12/2009 14:04, Peter Crowther wrote:
> 2009/12/29 DOrlov <dor...@redaril.com>
>
>> Hello, I have Tomcat 6 server and I have 3 SSL certificates for:
>>
>> 1. p.domain.com
>> 2. p1.domain.com
>> 3. p2.domain.com
>>
>> I would like to use all 3 on 1 SSL connector (Don't create 3 SSL
>> connectors)
>> I'm using keytool app and keystore SSL logic for Tomcat SSL configuration.
>>
> As far as I know, the HTTP spec doesn't allow this. The certificate must
> be chosen and sent by the server to encrypt the connection before the host
> header is sent by the browser over the encrypted connection. Therefore, the
> server cannot choose the certificate to send. You'll need different
> connectors, either on different IP addresses or different ports.
>
> Happy to be corrected if someone knows better!

You are correct for Tomcat as currently implemented. However, there is a spec for this: RFC 4366, SNI (Server Name Indication). It should be implementable for at least the APR/native connector. Not sure of the extent, if any, of support in the browsers.

Mark