On 03/08/2010 06:46 PM, Richard Huntrods wrote:
> Does anyone know if it is possible, or has anyone done this:
>
> I have two applications running on a single server. The applications
> use different domains and URLs, so the single Tomcat instance can
> easily tell them apart. (Note: this part is currently working just fine).
>
> https://domain1/application1
> https://domain2/application2
>
> Again, both domains point to the same static IP, and yes, it is
> possible for someone to access either application from either domain.
> Normally, that is not an issue with the clients.
>
> However, I currently have only one SSL certificate on the server -
> this is for domain1. So if you use domain1 to access application1,
> it's all fine. The security cert comes up green and all that.
>
> BUT - if you try and access application2 via domain2, you get the red
> security cert (wrong domain / server name). I would like to purchase a
> second certificate for the second domain, and am wondering if this can
> be done, and how one would tell Tomcat (in server.xml) to acknowledge
> the second certificate.
>
> Currently the stuff in server.xml looks like this:
>
> <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
>            maxThreads="150" enableLookups="false" scheme="https"
>            secure="true"
>            keystoreFile="./keys/.keystore" keystorePass="myPassword"
>            clientAuth="false" sslProtocol="TLS" />
>
> I have a bad feeling it's not possible, but wanted to ask anyway.
>
> Thanks in advance.
>
> -R

Richard,

It's possible.

It doesn't appear that Tomcat or Java (SUN) support RFC 3546 just yet
(for Server Name Indication) even though Apache httpd does. However
Windows XP users of IE will not be able to take advantage of SNI at this
time anyway (to further rain on your parade). Vista and greater do make
use of SNI though. Gotta wait for XP to die I guess. :-P

End result: Multi-Domain Certificate, separate ports, separate IPs or a
load balancer that distributes the load to an internal IP based on FQDN,
to which you could then use X amount of different SSL certs. (This last
bit may be a wee bit complicated)

Hope this helps
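
The "separate IPs" option from the reply above, sketched as a server.xml fragment; this is an added example, not part of the original thread or of the Tomcat documentation. Without SNI the server can only choose a certificate by the address and port the connection arrived on, so each domain gets its own connector bound to its own IP. The IP addresses (documentation range), keystore file names and passwords are assumed placeholders, and domain2's DNS record would have to point at the second address.

```xml
<!-- Added example: assumed addresses, keystore names and passwords are placeholders. -->

<!-- domain1 resolves to 192.0.2.10 (assumed); this keystore holds domain1's key and certificate -->
<Connector address="192.0.2.10" port="443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" enableLookups="false" scheme="https"
           secure="true"
           keystoreFile="./keys/domain1.keystore" keystorePass="CHANGE_ME_1"
           clientAuth="false" sslProtocol="TLS" />

<!-- domain2 resolves to 192.0.2.11 (assumed); this keystore holds domain2's key and certificate -->
<Connector address="192.0.2.11" port="443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" enableLookups="false" scheme="https"
           secure="true"
           keystoreFile="./keys/domain2.keystore" keystorePass="CHANGE_ME_2"
           clientAuth="false" sslProtocol="TLS" />
```

Both connectors sit inside the same Service element, so either application is still reachable on either address; only the certificate presented differs.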