Exactly Thomas :)
           Regards,
                     Zacheusz

On Tue, Dec 29, 2009 at 3:28 PM, Mark Thomas <ma...@apache.org> wrote:
> On 29/12/2009 14:04, Peter Crowther wrote:
>> 2009/12/29 DOrlov <dor...@redaril.com>
>>
>>>
>>> Hello, I have Tomcat 6 server and I have 3 SSL certificates for:
>>>
>>> 1. p.domain.com
>>> 2. p1.domain.com
>>> 3. p2.domain.com
>>>
>>> I would like to use all 3 on 1 SSL connector (Don't create 3 SSL
>>> connectors)
>>> I'm using keytool app and keystore SSL logic for Tomcat SSL configuration.
>>>
>> As far as I know, the HTTP spec doesn't allow this.  The certificate must
>> be chosen and sent by the server to encrypt the connection before the host
>> header is sent by the browser over the encrypted connection.  Therefore, the
>> server cannot choose the certificate to send.  You'll need different
>> connectors, either on different IP addresses or different ports.
>>
>> Happy to be corrected if someone knows better!
>
> You are correct for Tomcat as currently implemented.
>
> However, there is a spec for this: RFC 4366, SNI (Server Name
> Indication). It should be implementable for at least the APR/native
> connector. Not sure of the extent, if any, of support in the browsers.
>
>
> Mark
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
