-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardibo,
On 6/1/16 9:48 AM, Hardibo Pierre-Jean wrote: > Hello, when i add the second, or i put only the second (tomcat2) > browser doesn't reach the website but doesnt stop with error > message. If you connect with openssl s_client, can you see what certificate is presented with the server handshake? Depending upon your version of OpenSSL, it may or may not support the - -servername option, which is the way to trigger the use of SNI. - -chris > Le 31/05/2016 18:52, Christopher Schultz a écrit : Hardibo, > > On 5/31/16 10:33 AM, Hardibo Pierre-Jean wrote: >>>> Hello, i made two startSSL's certificates because i could >>>> only add 5 domains once. > ??! > >>>> When i use SSLHostConfig for the domains of the first >>>> certificate all is working, but when i try to add other >>>> domains (2° certificate) websites are no more accessible, >>>> there's few documentation about that and no tutorial so i am >>>> blocked. Here is my connector (server.xml): <Connector >>>> port="8443" >>>> protocol="org.apache.coyote.http11.Http11NioProtocol" >>>> maxThreads="150" SSLEnabled="true" > > You'll also want to set secure="true" and scheme="https" on your > <Connector>. This might be the only thing you are missing. > > http://tomcat.apache.org/tomcat-9.0-doc/config/http.html#SSL_Support_- _S > > SLHostConfig > >>>> <SSLHostConfig hostName="www.hardibopj.com"> <Certificate >>>> certificateKeystoreFile="/opt/tomcat9/tomcat" >>>> certificateKeystorePassword="xxxx" type="RSA"/> >>>> </SSLHostConfig> <SSLHostConfig >>>> hostName="www.tagdirectory.net"> <Certificate >>>> certificateKeystoreFile="/opt/tomcat9/tomcat" >>>> certificateKeystorePassword="xxxx" type="RSA"/> >>>> </SSLHostConfig> <SSLHostConfig >>>> hostName="www.xn--kzako-bsa.com"> <Certificate >>>> certificateKeystoreFile="/opt/tomcat9/tomcat" >>>> certificateKeystorePassword="xxxx" type="RSA"/> >>>> </SSLHostConfig> <SSLHostConfig >>>> hostName="www.xn--tltravail-b4ab.com"> <Certificate >>>> certificateKeystoreFile="/opt/tomcat9/tomcat" >>>> certificateKeystorePassword="xxxx" type="RSA"/> >>>> </SSLHostConfig> <SSLHostConfig >>>> hostName="www.xn--changedeliens-9gb.com"> <Certificate >>>> certificateKeystoreFile="/opt/tomcat9/tomcat" >>>> certificateKeystorePassword="xxxx" type="RSA"/> >>>> </SSLHostConfig> <SSLHostConfig >>>> hostName="en.tagdirectory.net"> <Certificate >>>> certificateKeystoreFile="/opt/tomcat9/tomcat2" >>>> certificateKeystorePassword="xxxx" type="RSA"/> >>>> </SSLHostConfig> <SSLHostConfig >>>> hostName="www.retrogeekzone.com"> <Certificate >>>> certificateKeystoreFile="/opt/tomcat9/tomcat2" >>>> certificateKeystorePassword="xxxx" type="RSA"/> >>>> </SSLHostConfig> <SSLHostConfig >>>> hostName="en.retrogeekzone.com"> <Certificate >>>> certificateKeystoreFile="/opt/tomcat9/tomcat2" >>>> certificateKeystorePassword="xxxx" type="RSA"/> >>>> </SSLHostConfig> <SSLHostConfig >>>> hostName="www.troc-livres-informatique.com"> <Certificate >>>> certificateKeystoreFile="/opt/tomcat9/tomcat2" >>>> certificateKeystorePassword="xxxx" type="RSA"/> >>>> </SSLHostConfig> </Connector> > Those all look okay to me. What are you using to test? With a > single <SSLHostConfig> can you establish a connection? When you add > the second <SSLHostConfig>, how do things change? > > -chris >> >> --------------------------------------------------------------------- >> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAldPFJ0ACgkQ9CaO5/Lv0PAF6ACfVcTBSYK14jmbTe8Ajs2JBvtT ZLcAn350K2zMGeVOo8SmAoZgqDt6kGnf =xtvv -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
