3 Replies Latest reply on Jul 27, 2004 9:41 AM by starksm64

    HTTPS and Virtual hosts/multiple host names

    thl-mot
    thl-mot Jul 23, 2004 11:22 AM

      Hi,
      My JBoss (3.2.2 + Tomcat) has multiple hostnames.
      With the keytool (keytool -genkey -kestore keyStore) I created one key for my machine.
      As cn I have to give the server name, lets say obelix (the machines name in the lan).
      From another network you can reach the same machine with obelix.mydomain.de.
      When using "obelix.mydomain.de" the browser always tells me that the machine name does not match the name given in the certificate (of course in the certificate its just obelix).
      I tried to put two keys into the same keystore, but I still get the same problem.
      How can I specify which key to use.
      In jboss-service.xml I can only give one keyStore.
      What happens if I want to host multiple domains (name based virtual hosts) on my machine running with ssl. How do I specify the mapping from domain to certificate here?




      • 4668 Views
      • Tags:
        • 1. Re: HTTPS and Virtual hosts/multiple host names
          jleech
          jleech Jul 26, 2004 5:45 PM (in response to thl-mot)

          I might be wrong, but this is the way it was explained to me -- It can't be done since the cert is tied to an ip / port, not a server name. And the cert is given back to the browser before the server has any idea what URL the browser is going to. What I think you could do (but I haven't tried myself) is to set up the server with multiple IP addresses, and configure multiple Tomcat connectors, one per IP address, each with its own keystore. Or basically do the same thing, but with one IP address, and each connector running on a different port.

            • Actions
          • 2. Re: HTTPS and Virtual hosts/multiple host names
            thl-mot
            thl-mot Jul 27, 2004 2:54 AM (in response to thl-mot)

            It's exactly like jleech described.
            A certificate is bound to the IP address - Port combination.

            Encryption is already used when the hostname is transferred to the server as part of the page-request.

            But how do I specify the ip address in the connector?

              • Actions
            • 3. Re: HTTPS and Virtual hosts/multiple host names
              starksm64
              starksm64 Jul 27, 2004 9:41 AM (in response to thl-mot)

              Via the address attribute, which may be a system property reference in jboss as shown here.

              <Connector className = "org.apache.coyote.tomcat4.CoyoteConnector"
 address="${jboss.bind.address}" port = "8443" scheme = "https"
 secure = "true">
 <Factory className = "org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
 keystoreFile="${jboss.server.home.dir}/conf/tc.keystore"
 keystorePass="tc-password"
 protocol = "TLS"/>
</Connector>


              http://jakarta.apache.org/tomcat/tomcat-4.1-doc/config/coyote.html


                • Actions