tags:

views:

104

answers:

1
+1  Q: 

Serve different certs for same Tomcat application via connectors?

For a limited time, we have to serve the same Tomcat 6 web application from two different domain names. Both domains need to be served HTTPS - is it technically possible to handle serving different certs for the same app using connectors (or other method)?

The other option (which we are trying to avoid) is to handle the cert delivery upstream of the application.

TIA,

Geoff

+1  A: 

There are 3 ways to do this,

  1. Get 2 IPs for the same host and set up 2 connectors bound to each IP. This is cleanest solution.

  2. Get a cert with SAN (Subject Alternative Name). This is basically a cert with 2 hostnames. Some real old browser and Java 1.5 earlier doesn't support SAN.

  3. Another way to use 2 certs on the same IP is to use SNI (Server Name Indication) extension of TLS. Unfortunately, this is not supported by JSSE. If you can run an Apache httpd in front of the Tomcat, you can use this feature.

ZZ Coder  2009-10-23 02:25:45
+1 perfect answer
Pascal Thivent  2009-10-23 02:39:29
Thank you for the quick response - this is very helpful :)
Geoff  2009-10-24 02:59:41

related questions

Why is access denied when installing SSL cert on IIS 5?
What does a PHP developer need to know about https / secure socket layer connections?
Am I turning away customers by disabling SSL 2.0 and PCT 1.0 in IIS5?
Coding Dojo with IE and SSL
Enforce SSL in code in an ashx handler
How to connect to PostgreSQL from .NET using TLS with both client and server authentication?
HELP SSL GURUs!!! ... Problems with SSL Connection
What's a clean/simple way to ensure the security of a page?
How to specify accepted certificates for Client Authentication in .NET SslStream
SharePoint stream file for preview
Problem with Oracle Application Server SSL Certificates
Is there a limit with the number of SSL connections?
Testing HTTPS files with MAMP
Cheapest SSL certificates
Limiting traffic to SSL version of page only
How do I support SSL Client Certificate authentication?
Why can't I connect to my CAS server with Perl's AuthCAS?
Is there a way to make Firefox ignore invalid ssl-certificates?
How do I create a self signed SSL certificate to use while testing a web app.
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
HTTPS in IIS 5.1
How do you redirect HTTPS to HTTP?
Debugging: IE6 + SSL + AJAX + post form = 404 error
How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS
Options for Google Maps over SSL