These are three different domains. Theoretically you can choose a certificate for a subdomain. Look at:

RFC 4680: TLS Handshake Message for Supplemental Data
RFC 4366: Transport Layer Security (TLS) Extensions

Basically, the client sends the target host during the initial handshake so you can pick the right virtual server certificate in advance.

Regards,
Zacheusz

On Tue, Dec 29, 2009 at 3:04 PM, Peter Crowther <peter.crowt...@melandra.com> wrote:

> 2009/12/29 DOrlov <dor...@redaril.com>
>
>> Hello, I have TomCat 6 server and I have 3 SSL certificates for:
>>
>> 1. p.domain.com
>> 2. p1.domain.com
>> 3. p2.domain.com
>>
>> I would like to use all 3 on 1 SSL connector (Don't create 3 SSL
>> connectors)
>> I'm using keytool app and keystore SSL logic for TomCat SSL configuration.
>
> As far as I know, the HTTP spec doesn't allow this. The certificate must
> be chosen and sent by the server to encrypt the connection before the host
> header is sent by the browser over the encrypted connection. Therefore, the
> server cannot choose the certificate to send. You'll need different
> connectors, either on different IP addresses or different ports.
>
> Happy to be corrected if someone knows better!
>
> - Peter