> -----Original Message-----
> From: Kevin Jenkins [mailto:rak...@jenkinssoftware.com]
> Sent: Saturday, April 06, 2013 10:10 PM
> To: Tomcat Users List
> Subject: Better SSL connector setup
>
> I have a server that has two hosts:
> First:
> http://masterserver2.raknet.com/
>
> Second (using alias)
> https://lobby3.raknet.com <https://milestone.lobby3.raknet.com:444/>
> https://milestone.lobby3.raknet.com:444/
>
> I would like to have access be on these specific URLs. Right now you can
> use untrusted URLs, such as https://masterserver2.raknet.com/
> https://milestone.lobby3.raknet.com/
>
> Additionally, I would like to access milestone.lobby3.raknet.com on port
> 443 rather than 444 (so that 443 does not display a warning like it
> does now).
>
> I set up two connectors because I did not know how else to specify there
> are two ssl certificate files
>
> <Connector port="443"
>     protocol="org.apache.coyote.http11.Http11AprProtocol"
>     SSLEnabled="true"
>     maxThreads="150" scheme="https" secure="true"
>     clientAuth="false" sslProtocol="SSLv3"
>     SSLCertificateKeyFile="${catalina.base}\conf\lobby3\privatekey.txt"
>     SSLCertificateFile="${catalina.base}\conf\lobby3\lobby3.raknet.com.txt"
> />
>
> <Connector port="444"
>     protocol="org.apache.coyote.http11.Http11AprProtocol"
>     SSLEnabled="true"
>     maxThreads="150" scheme="https" secure="true"
>     clientAuth="false" sslProtocol="SSLv3"
>     SSLCertificateKeyFile="${catalina.base}\conf\milestone_lobby3\privatekey.txt"
>     SSLCertificateFile="${catalina.base}\conf\milestone_lobby3\milestone.lobby3.raknet.com.txt"
> />
>
> This is my host setup:
>
> <Host name="www.masterserver2.raknet.com"
>     appBase="RakNet/masterserver2"
>     unpackWARs="true" autoDeploy="true">
>   <Alias>masterserver2.raknet.com</Alias>
>   <Alias>milestone.masterserver2.raknet.com</Alias>
>   <Valve className="org.apache.catalina.valves.AccessLogValve"
>       directory="logs"
>       prefix="masterserver2.raknet.com_access_log." suffix=".txt"
>       pattern="%h %l %u %t &quot;%r&quot; %s %b" />
> </Host>
> <Host name="www.lobby3.raknet.com" appBase="RakNet/lobby3"
>     unpackWARs="true" autoDeploy="true">
>   <Alias>lobby3.raknet.com</Alias>
>   <Alias>milestone.lobby3.raknet.com</Alias>
>   <Valve className="org.apache.catalina.valves.AccessLogValve"
>       directory="logs"
>       prefix="lobby3.raknet.com_access_log." suffix=".txt"
>       pattern="%h %l %u %t &quot;%r&quot; %s %b" />
> </Host>
>
> This is not a major issue, but just cleanup. Does anyone have
> suggestions?
> Thanks.

You probably do not want to share one IP address between two different hosts and certificates when using SSL. It is better to bind each host to a different IP address, using the address attribute within each connector:

    address="192.168.47.5"

If each host is bound to a different IP address, then each host can use 443. The rule is that the IP address and port combination for each host must be different; hosts can share either IP addresses or ports, but not both. Again, though, with SSL, it is better they do not share IP addresses.

I am not sure that I addressed your question of "untrusted URLs", but I will leave that question for others on the mailing list to address if the change above does not resolve it.

Jeffrey Harris
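
The rule in the reply above (each connector needs its own address and port combination), written as a check over a server.xml. This is an added example, not part of the original thread and not Tomcat's own code; the `connector_conflicts` helper, the second address 192.168.47.6 and the trimmed sample configs are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from itertools import combinations

# Constructed sample: both SSL connectors on 443, each bound to its own address.
# 192.168.47.5 is from the reply; 192.168.47.6 is an assumed second address.
# Certificate and protocol attributes are left out to keep the sample short.
SAMPLE_OK = """
<Server><Service name="Catalina">
  <Connector port="80" protocol="HTTP/1.1" />
  <Connector port="443" address="192.168.47.5" SSLEnabled="true" scheme="https" secure="true" />
  <Connector port="443" address="192.168.47.6" SSLEnabled="true" scheme="https" secure="true" />
</Service></Server>
"""

# Constructed sample: the second connector loses its address attribute,
# so it listens on all local addresses and overlaps the first one on 443.
SAMPLE_CLASH = SAMPLE_OK.replace(' address="192.168.47.6"', "")


def connector_conflicts(server_xml):
    """Return a sorted list of (port, addr_a, addr_b) for connectors that overlap."""
    root = ET.fromstring(server_xml)
    # Assumption: a connector without an address attribute is treated as a
    # wildcard ("*") bind, which shares every IP address with its neighbours.
    binds = [(c.get("port"), c.get("address", "*")) for c in root.iter("Connector")]
    conflicts = []
    for (p1, a1), (p2, a2) in combinations(binds, 2):
        # Sharing a port is fine, sharing an address is fine, sharing both is not.
        if p1 == p2 and (a1 == a2 or "*" in (a1, a2)):
            conflicts.append((int(p1), a1, a2))
    return sorted(conflicts)


if __name__ == "__main__":
    for name, xml in (("distinct addresses", SAMPLE_OK), ("missing address", SAMPLE_CLASH)):
        print(name, "->", connector_conflicts(xml) or "no conflicts")
```
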