Tomcat & SSL

Status
Not open for further replies.

imartinez

Programmer
May 8, 2006
1
MX
Goal: Install two SSL certificates in the same server, but working for two
different IP addresses and domains.

I have:
- One server running Tomcat 5.5 over Windows.
- Two IP addresses.
- Two domains, one for each IP address.
- Two SSL certificates one for each domain.
- A keystore and alias for each certificate.

I think I need to configure two hosts (or virtual hosts, what's the
difference between these?), and setup two HTTPS connectors with IP based
scheme.

I tried using the following configuration:

<Service name="Catalina">
...
<Connector port="80" maxThreads="300" minSpareThreads="25"
maxSpareThreads="75" enableLookups="true" acceptCount="100"
redirectPort="443" connectionTimeout="20000"
disableUploadTimeout="true" />

<Connector port="443" name="72.3.245.1"
maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
emptySessionPath="true" useIPVHosts="tru"
scheme="https" secure="true" clientAuth="false"
keystoreFile="D:/jdk1.5.0_02/bin/key1"
keystorePass="pass1" sslProtocol = "TLS" />

<Connector port="443" name="72.32.93.2"
maxThreads="100" strategy="ms" maxHttpHeaderSize="8192"
emptySessionPath="true" useIPVHosts="true"
scheme="https" secure="true" clientAuth="false"
keystoreFile="D:/jdk1.5.0_02/bin/key2"
keystorePass="pass2" sslProtocol = "TLS" />

<Connector port="8009"
enableLookups="false" redirectPort="443" protocol="AJP/1.3" />

<Engine name="Catalina" defaultHost="localhost">

...

<Host name="72.3.245.1" appBase="webapps"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false">
</Host>

<Host name="72.3.245.2" appBase="webapps"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false">
...

</Engine>
...

</Service>


It didn't work at all. I have the first certificate on the first IP working,
but the second certificate just doesn't work because it gets the first
certificate, not the second, so the domains don't match.

Any help on this is welcome, thank you.

Isaac Martínez Hatch
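
Added example, not part of the original post and not Tomcat code: a small Python check over a server.xml that flags several connectors on one port lacking a distinct `address` attribute (the Connector attribute that binds a listener to one IP; without it a connector listens on every address) and boolean attributes with invalid values. The function name, sample IPs and keystore paths are assumptions made up for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample modelled on the posted layout; the IPs (documentation
# range) and keystore paths are placeholders, not the poster's values.
SAMPLE_BROKEN = """
<Server><Service name="Catalina">
  <Connector port="80" redirectPort="443" />
  <Connector port="443" name="192.0.2.10" scheme="https" secure="true"
             useIPVHosts="tru" keystoreFile="conf/key1" sslProtocol="TLS" />
  <Connector port="443" name="192.0.2.20" scheme="https" secure="true"
             useIPVHosts="true" keystoreFile="conf/key2" sslProtocol="TLS" />
</Service></Server>
"""
# Same file with each HTTPS connector bound to its own IP via address=.
SAMPLE_FIXED = (SAMPLE_BROKEN.replace('name="192', 'address="192')
                .replace('"tru"', '"true"'))

# Connector attributes that only accept true/false.
BOOL_ATTRS = ("secure", "useIPVHosts", "enableLookups", "emptySessionPath")


def lint_connectors(server_xml):
    """Return findings for <Connector> elements that cannot serve per-IP certificates."""
    findings = []
    by_port = defaultdict(list)
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = conn.get("port")
        by_port[port].append(conn)
        for attr in BOOL_ATTRS:
            value = conn.get(attr)
            if value is not None and value not in ("true", "false"):
                findings.append(f'port {port}: {attr}="{value}" is not true/false')
    for port, conns in by_port.items():
        if len(conns) < 2:
            continue
        addresses = [c.get("address") for c in conns]
        unbound = addresses.count(None)
        if unbound:
            findings.append(f"port {port}: {unbound} of {len(conns)} connectors without address")
        bound = [a for a in addresses if a is not None]
        if len(bound) != len(set(bound)):
            findings.append(f"port {port}: connectors share the same address")
    return findings


if __name__ == "__main__":
    for label, xml_text in (("broken", SAMPLE_BROKEN), ("fixed", SAMPLE_FIXED)):
        print(label, lint_connectors(xml_text) or "ok")
```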