Apache (with mod_ssl) uses the VirtualHost directive:
Basically you give a certificate to a server; a server is
an IP address and a listen port number.
Tomcat will handle Virtual Host and the SSL certificate support
must be there.
One virtual host, one certificate.
You could also add different listen ports:
<!-- First connector: port 8443, first keystore -->
<Connector className="org.apache.tomcat.service.PoolTcpConnector">
    <Parameter name="handler"
               value="org.apache.tomcat.service.http.HttpConnectionHandler"/>
    <Parameter name="port" value="8443"/>
    <Parameter name="keystore" value="/var/tomcat/conf/keystore"/>
    <Parameter name="keypass" value="changeit"/>
    <Parameter name="clientAuth" value="false"/>
    <Parameter name="socketFactory"
               value="org.apache.tomcat.net.SSLSocketFactory"/>
</Connector>

<!-- Second connector: port 8444, second keystore file holding the other certificate -->
<Connector className="org.apache.tomcat.service.PoolTcpConnector">
    <Parameter name="handler"
               value="org.apache.tomcat.service.http.HttpConnectionHandler"/>
    <Parameter name="port" value="8444"/>
    <Parameter name="keystore" value="/var/tomcat/conf/keystore2"/>
    <Parameter name="keypass" value="changeit"/>
    <Parameter name="clientAuth" value="false"/>
    <Parameter name="socketFactory"
               value="org.apache.tomcat.net.SSLSocketFactory"/>
</Connector>
Alternate question: I didn't see in the TC3 code where the
multiple aliases present in a keystore are used.
It could be nice to have all server certificates in the same keystore
and have access to them via another parameter:
    <Parameter name="alias"
               value="tomcat1"/>
>-----Original Message-----
>From: Warner Onstine [mailto:[EMAIL PROTECTED]]
>Sent: Wednesday, November 22, 2000 6:37 AM
>To: [EMAIL PROTECTED]
>Subject: Re: [TC4] multiple certificates
>
>
>
>----- Original Message -----
>From: "Craig R. McClanahan" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Tuesday, November 21, 2000 7:43 PM
>Subject: Re: [TC4] multiple certificates
>
>
>> Warner Onstine wrote:
>>
>> > Hi all,
>> > It's been a while since I looked at the SSL stuff and I just received a
>> > request which I'm not sure how it would be handled in TC4. Would it be
>> > possible to handle multiple certificates for SSL per servlet? If this needs
>> > further clarification let me know.
>> >
>>
>> I guess I don't quite get what you are after.
>>
>> Are you talking about a certificate chain that authenticates an individual
>> user? If so, that is already supported -- the request attribute that you get is
>> an array of certificate objects, with the first one being the certificate of the
>> client principal, and the subsequent ones being the certificates of the
>> certificate authorities vouching for the previous certificate in the chain.
>
>Sure, what we're working with is possibly using different server
>certificates for different servlets, is this at all possible? From what I
>can tell right now, no.
>
>Basically what I see right now is if we turn on ssl support it uses the
>certificate that you specify for each connection from the
>SSLServerSocketFactory. The only way I can see doing this is to specify a
>different port for different certificates, correct?
>
>> If that's not what you are after, could you please explain further?
>>
>>
>> Craig
>
>Thanks,
>-warner
>