Re: 2 Adresses, 2 certs

Mon, 12 Dec 2016 01:11:11 -0800 

On 12/12/2016 09:07, Jan Pernica wrote:
> Hi everybody
> 
> We need to migrate to new address. Some time we need to listen on 2
> domains. Is there any way to have two certs for the same service
> depending on the address?

Yes, but you need up be using Tomcat 8.5.x. It has support for TLS
virtual hosting.

Mark

> 
> Currently my SSL config is this:
> 
>  <Service name="Catalina">
> 
> <Connector port="443" protocol="org.apache.coyote.http11.Http11AprProtocol"
>     SSLEnabled="true"
>     maxThreads="150"
>     scheme="https"
>     secure="true"
>     SSLVerifyClient="none"
>     SSLProtocol="TLSv1+TLSv1.1+TLSv1.2"
>     ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, 
> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,
> TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,
> TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
>     useServerCipherSuitesOrder="true"
>     SSLCertificateFile="d:/apache-tomcat8/conf/cert/n/cert.cert"
>     SSLCertificateKeyFile="d:/apache-tomcat8/conf/cert/n/key.key"
> SSLCACertificateFile="d:/apache-tomcat8/conf/cert/n/cacerts.pem"
>     SSLPassword="XXXX"
>     />
>     <Engine name="Catalina" defaultHost="localhost">
>       <Host name="localhost"  appBase="webapps"
>             unpackWARs="true" autoDeploy="true">
>         <Valve className="org.apache.catalina.valves.AccessLogValve"
> directory="logs"
>                prefix="localhost_access_log" suffix=".txt"
>                pattern="%h %l %u %t &quot;%r&quot; %s %b" />
> 
>       </Host>
>     </Engine>
>   </Service>
> 
> Thank you for any help
> 
> Jan Pernica
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to