Hello Mark, thanks for responding
> On 21 Oct 2015, at 20:42, Mark Thomas <ma...@apache.org> wrote: > > On 21/10/2015 16:27, Björn Raupach wrote: >> Dear group, >> >> it would be nice if anyone knows, if my planned setup is going to work. >> >> At the moment we are having two services (web apps) at two different >> machines and hostnames. Lets say bob.example.com and alice.example.com >> >> bob.example.com runs without SSL and deploys the web app at the root >> context. We just throw a ROOT.war in /webapps. >> >> alice.example.com needs SSL at all times. It currently does not run with the >> root context but we would like to. So another ROOT.war. We have an SSL cert >> for alice.example.com >> >> I want both applications to run on a single Tomcat instance with Virtual >> Hosting. Virtual Hosting with Tomcat that is. I am comfortable with setting >> up Virtual Hosting, but I am just not sure about the SSL part. Does the >> choice between IP-based or Hostname matter? bob.example.com might need SSL >> support in the future. >> >> We are using Amazon AWS if that is important. So I could get another Elastic >> IP. We are working with the latest Apache Tomcat 8 and the latest JDK on the >> server machines. >> >> Sorry if this is not 100% Tomcat related. > > Currently it will work if both hosts can share the same certificate > because they share a connector and (currently) a connector can only have > a single certificate. How can both hosts share the same certificate? Do I need a SAN certificate or can I just run with the cert for alice.example.com <http://alice.example.com/> and have to live with any cert errors on bob.example.com <http://bob.example.com/>? > > As of 9.0.x (and hopefully eventually back-ported to 8.x) you'll be able > to have per host certs. There should be a 9.0.0-RC1 in the next week or so. > > Mark > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > <mailto:users-unsubscr...@tomcat.apache.org> > For additional commands, e-mail: users-h...@tomcat.apache.org > <mailto:users-h...@tomcat.apache.org>
