Jorge Isaac Martínez Hatch wrote:
Genius all around the world,

Goal: Intall two SSL certificates in the same server, but working for two
different IP addresses and domains.

I have:
- One server running Tomcat 5.5 over Windows.
- Two IP addresses.
- Two domains, one for each IP address.
- Two SSL certificates one for each domain.
- A keystore and alias for each certificate.

You can keep both/all certificates in the same keystore (e.g.
the default one) and specify them with the (still undocumented)
Connector attribute

  keyAlias="mycert1"

(I reckon one keystore is slightly easier to manage than two)

I think I need to configure two hosts (or virtual hosts, what's the difference between these?)

A "physical" host is a hardware server, which may support many
virtual hosts, either name-based (several at one IP address,
Tomcat steers requests to corresponding web apps) or address-based
(each app needs its own IP address).

Since certificates are checked *before* Tomcat gets to attempt
name-based virtual hosting, you need a dedicated IP address for
each SSL-enabled app, natch.  Unless things have changed since
5.5.9

   <Connector port="443"  name="72.3.245.1"

No this should be

    <Connector port="443"  address="72.3.245.1"

(there is no Connector "name" attribute that I can find)

     <Host name="72.3.245.1" appBase="webapps"

Hmm, I'd expect name="mysecuresite.com" or similar, not an
IP address.

It didn't work at all, I have the first certificate on the first IP working. But the second certificate just don't work because it gets the first certificate not the second, so the domains don't match.

If it gets the first cert, then it must be using the first Connector,
which I guess is because, without "address" attributes, both are using
all addresses?

Paul Singleton

Any help on this is welcome, thank you.

Isaac Martínez Hatch

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to