Exactly Thomas :)

Regards,
Zacheusz

On Tue, Dec 29, 2009 at 3:28 PM, Mark Thomas <ma...@apache.org> wrote:
> On 29/12/2009 14:04, Peter Crowther wrote:
>> 2009/12/29 DOrlov <dor...@redaril.com>
>>
>>>
>>> Hello, I have Tomcat 6 server and I have 3 SSL certificates for:
>>>
>>> 1. p.domain.com
>>> 2. p1.domain.com
>>> 3. p2.domain.com
>>>
>>> I would like to use all 3 on 1 SSL connector (Don't create 3 SSL
>>> connectors)
>>> I'm using keytool app and keystore SSL logic for Tomcat SSL configuration.
>>>
>> As far as I know, the HTTP spec doesn't allow this. The certificate must
>> be chosen and sent by the server to encrypt the connection before the host
>> header is sent by the browser over the encrypted connection. Therefore, the
>> server cannot choose the certificate to send. You'll need different
>> connectors, either on different IP addresses or different ports.
>>
>> Happy to be corrected if someone knows better!
>
> You are correct for Tomcat as currently implemented.
>
> However, there is a spec for this: RFC 4366, SNI (Server Name
> Indication). It should be implementable for at least the APR/native
> connector. Not sure of the extent, if any, of support in the browsers.
>
> Mark
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org