Hello,

I have my J2EE application deployed into a JBossAS. My application has to respond to two different hostnames (https://foo.com/myApp and https://bar.com/myApp). It is the same instance of the app serving those two hostnames.

But I don't know how to configure the keystores. I need different keystores for each hostname. Is there a way to tie a virtual host in JBoss' server.xml to a specific connector?

Or do I have to use two different IP-addresses and create a connector for each?

A solution that does not require a second IP-address would be greatly appreciated.

+1  A: 

With SSL you have to use two different I.P. addresses if you wish to use different SSL certificates. This isn't a shortcoming in Tomcat/JBoss, it is just the reality of the protocol.

I can't remember the technical reason off the top of my head (Google knows), but it comes down to the server not being able to read the domain name until it has decoded the incoming SSL request.

To use two different keystores you will need to define two different connectors (using different I.P. addresses or ports) in the jbossweb-tomcat55.sar/server.xml file. This will get your SSL certificates working, but if you only have one I.P. your second certificate will need to be set up on a non-standard port.

David Harrison
Thank you - this sounds very plausible. I have not considered the fact that the domain name is not in the clear in SSL.
Mo
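The two-connector layout described in the answer above, as an added example that is not part of the original answer. The IP addresses (documentation range), keystore file names and passwords are constructed placeholders; the attributes are standard Tomcat 5.5 `Connector` attributes.

```xml
<!-- jbossweb-tomcat55.sar/server.xml, inside <Service name="jboss.web"> -->
<!-- Added example: addresses, file names and passwords are placeholders. -->

<!-- Connector for foo.com: bound to the first address, with its own keystore -->
<Connector port="443" address="192.0.2.10"
           maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
           emptySessionPath="true"
           scheme="https" secure="true" clientAuth="false"
           keystoreFile="${jboss.server.home.dir}/conf/foo.keystore"
           keystorePass="CHANGE_ME_FOO"
           sslProtocol="TLS" />

<!-- Connector for bar.com: bound to the second address, with its own keystore -->
<Connector port="443" address="192.0.2.11"
           maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
           emptySessionPath="true"
           scheme="https" secure="true" clientAuth="false"
           keystoreFile="${jboss.server.home.dir}/conf/bar.keystore"
           keystorePass="CHANGE_ME_BAR"
           sslProtocol="TLS" />

<!-- With a single address, both connectors cannot listen on 443:
     drop the address attributes and give the second connector a
     different port (for example 8443), so that bar.com is reached
     as https://bar.com:8443/myApp. -->
```

Because server.xml holds the keystore passwords in clear text, keep the file and both keystores readable only by the account that runs JBoss.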
A: 

Two apps can share one keystore which holds two certificates. The certificate is issued for a given domain. Define the second domain as a virtual host with a different domain and do not touch the server.xml. It should work this way.

Mike