3 Replies Latest reply on Jul 27, 2004 9:41 AM by Scott Stark

    HTTPS and Virtual hosts/multiple host names

    Thomas Lauerbach Newbie

      My JBoss (3.2.2 + Tomcat) has multiple hostnames.
      With the keytool (keytool -genkey -keystore keyStore) I created one key for my machine.
      As cn I have to give the server name, let's say obelix (the machine's name in the LAN).
      From another network you can reach the same machine with obelix.mydomain.de.
      When using "obelix.mydomain.de" the browser always tells me that the machine name does not match the name given in the certificate (of course in the certificate it's just obelix).
      I tried to put two keys into the same keystore, but I still get the same problem.
      How can I specify which key to use?
      In jboss-service.xml I can only give one keyStore.
      What happens if I want to host multiple domains (name based virtual hosts) on my machine running with SSL? How do I specify the mapping from domain to certificate here?

        • 1. Re: HTTPS and Virtual hosts/multiple host names
          Jonathan Leech Newbie

          I might be wrong, but this is the way it was explained to me -- It can't be done since the cert is tied to an ip / port, not a server name. And the cert is given back to the browser before the server has any idea what URL the browser is going to. What I think you could do (but I haven't tried myself) is to set up the server with multiple IP addresses, and configure multiple Tomcat connectors, one per IP address, each with its own keystore. Or basically do the same thing, but with one IP address, and each connector running on a different port.

          • 2. Re: HTTPS and Virtual hosts/multiple host names
            Thomas Lauerbach Newbie

            It's exactly like jleech described.
            A certificate is bound to the IP address/port combination.

            Encryption is already used when the hostname is transferred to the server as part of the page-request.

            But how do I specify the ip address in the connector?

            • 3. Re: HTTPS and Virtual hosts/multiple host names
              Scott Stark Master

              Via the address attribute, which may be a system property reference in JBoss, as shown here.

              <!-- address selects the IP this HTTPS connector listens on -->
              <Connector className = "org.apache.coyote.tomcat4.CoyoteConnector"
               address = "${jboss.bind.address}" port = "8443" scheme = "https"
               secure = "true">
               <Factory className = "org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
                protocol = "TLS"/>
              </Connector>
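The following is an added example, not code from this thread or from the JBoss project, that puts together the answers above: two HTTPS connectors in jboss-service.xml, one per IP address, each with its own keystore whose certificate CN is the name clients use for that address. The addresses 192.0.2.10 and 192.0.2.11, the keystore file names and the password "changeit" are placeholders; the keystoreFile and keystorePass attributes are the Tomcat 4.1 CoyoteServerSocketFactory attributes, and the keytool commands in the comments show how each keystore's CN is set.

```xml
<!-- Added example (not from the thread): one HTTPS connector per IP address,
     each with its own keystore. Addresses, file names and passwords are
     placeholders; replace them with your own. -->

<!-- Connector for the LAN name "obelix", bound to the first address.
     Keystore created with (the CN must equal the name clients type):
       keytool -genkey -alias obelix -keyalg RSA -dname "CN=obelix" \
               -keystore obelix.keystore -storepass changeit -->
<Connector className = "org.apache.coyote.tomcat4.CoyoteConnector"
 address = "192.0.2.10" port = "8443" scheme = "https"
 secure = "true">
 <Factory className = "org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
  keystoreFile = "${jboss.server.home.dir}/conf/obelix.keystore"
  keystorePass = "changeit" protocol = "TLS"/>
</Connector>

<!-- Connector for the external name "obelix.mydomain.de", bound to the
     second address. Keystore created with:
       keytool -genkey -alias obelix-ext -keyalg RSA \
               -dname "CN=obelix.mydomain.de" \
               -keystore obelix-ext.keystore -storepass changeit -->
<Connector className = "org.apache.coyote.tomcat4.CoyoteConnector"
 address = "192.0.2.11" port = "8443" scheme = "https"
 secure = "true">
 <Factory className = "org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
  keystoreFile = "${jboss.server.home.dir}/conf/obelix-ext.keystore"
  keystorePass = "changeit" protocol = "TLS"/>
</Connector>

<!-- Variant with a single IP address: keep address the same on both
     connectors and give the second one a different port, e.g. port = "8444". -->
```

Because the server picks the certificate by the socket the connection arrives on, a browser reaching 192.0.2.10 gets the "obelix" certificate and one reaching 192.0.2.11 gets the "obelix.mydomain.de" certificate, so the name check passes in both cases. Before deploying, `keytool -list -v -keystore obelix-ext.keystore` shows the Owner line, which lets you confirm the CN matches the hostname that address is reached under.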