If you're talking about SSL, then this is the common misunderstanding
about how the SSL layer works.

SSL is negotiated before HTTP - where the HOST header resides - so the
server has no way of knowing during the SSL connection phase which host
to talk to, so selects the default certificate.

In short, SSL only understands how to connect to an IP and port; it
doesn't understand the differences between hosts that run on the same IP
and port combo.

You should be able to configure a cert for each of the two IPs you
specify, but you'll need to assign a different IP or port to each of the
other domain names in order to use separate certs.




Rodrigo Ruiz wrote:
> Hi all,
> 
> I have been trying to configure certificates for a server that has
> several IP addresses, and several domain names, but I think I have
> reached a limitation on Tomcat security features (or maybe a Java one, I
> don't know).
> 
> I think the problem can be experienced even with a server with a single
> IP address and a single domain address.
> 
> I would like my server to present a different certificate depending on
> the address through which it is being invoked. Specifically, I would
> like my server to present different certificates for the following
> alternatives:
> 
> - 127.0.0.1
> - host IP address
> - localhost
> - host.domain.name
> - alias.domain.name
> 
> That is, depending on the address/name the client used to make the
> request, present an appropriate certificate. I know I can instruct
> Tomcat to present a different certificate for different IP addresses,
> but in this case I want it to present different certificates for the
> same address.
> 
> I don't know if this is possible with the current Tomcat version, or if it
> is already in the roadmap of Tomcat for a future version, or even if it
> has been reported. I have searched this forum's archives and Jira,
> and found similar questions and bug reports, but not this one.
> 
> I just wanted to check this subject here before submitting a request for
> this feature in Bugzilla.
> 
> Thanks in advance,
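
The layout suggested in the reply (one certificate per IP/port pair), as an added example that is not part of either message. It assumes the JSSE connector attributes of Tomcat 6/7-era server.xml; the 192.0.2.x address, the name-to-address mapping, keystore paths and passwords are constructed placeholders.

```xml
<!-- Fragment for conf/server.xml, inside <Service name="Catalina">.
     Assumption: host.domain.name and alias.domain.name both resolve to
     192.0.2.10 (a documentation address used here as a placeholder). -->

<!-- Loopback: "127.0.0.1" and "localhost" reach the same address and port,
     so both are answered with the certificate in this one keystore. -->
<Connector address="127.0.0.1" port="8443"
           protocol="HTTP/1.1" SSLEnabled="true"
           scheme="https" secure="true"
           keystoreFile="conf/localhost.keystore"
           keystorePass="REPLACE_ME_LOOPBACK"
           clientAuth="false" sslProtocol="TLS" />

<!-- Host address: requests by IP or as host.domain.name get this
     connector's certificate, chosen purely by address and port. -->
<Connector address="192.0.2.10" port="8443"
           protocol="HTTP/1.1" SSLEnabled="true"
           scheme="https" secure="true"
           keystoreFile="conf/host.keystore"
           keystorePass="REPLACE_ME_HOST"
           clientAuth="false" sslProtocol="TLS" />

<!-- alias.domain.name shares 192.0.2.10, so it cannot get a separate
     certificate on 8443. Giving it its own port (or its own IP address)
     is what lets this connector present a different keystore. -->
<Connector address="192.0.2.10" port="9443"
           protocol="HTTP/1.1" SSLEnabled="true"
           scheme="https" secure="true"
           keystoreFile="conf/alias.keystore"
           keystorePass="REPLACE_ME_ALIAS"
           clientAuth="false" sslProtocol="TLS" />
```

Clients of the alias then have to use https://alias.domain.name:9443/, since the port is the only thing that distinguishes it from the host name during the handshake.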

