1

To provide both RSA and DSA certificates, I have used two connectors with different IP addresses. But is it possible to have multiple SSL certificates under one IP address?

I have also tried virtual hosting on Tomcat, but I didn't find any attribute under "Host" to specify a certificate for each host.

Finally, I am trying to use Apache server (httpd) together with Tomcat using the mod_jk connector, because it has a provision to provide a different certificate per domain (in virtual hosting).

Do I need to use httpd? Or is there any solution for this problem in Tomcat?

Any help will be appreciated...

1 Answer

1

Use a different keystore per Connector, with the appropriate certificate in each one.

However, in the long run you will find life with SSL much easier, and a lot of other things too, if you terminate SSL at an Apache HTTP server. Then you can control most of SSL right down to the directory level. Tomcat is rather limited in this respect, especially when it comes to dealing with client certificates.

user207421
  • Providing a different connector per keystore will require specifying a different IP address per connector. So, we cannot have two keystores under one connector? – user2341911 May 03 '13 at 11:39
  • Also, I want to make sure that Tomcat cannot support multiple (RSA, DSA) cipher suites under one IP address? – user2341911 May 03 '13 at 11:48
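
The answer's one-keystore-per-Connector setup, written out as a `server.xml` fragment. This is an added example, not code from the original posts; the addresses, port, keystore paths, aliases and passwords are placeholders, and the attributes are those of Tomcat's JSSE HTTPS connector.

```xml
<!-- Added example. Both elements go inside the existing <Service> element
     of conf/server.xml. All values below are placeholders. -->

<!-- Connector 1: presents the RSA certificate.
     keystoreFile points at a keystore holding only the RSA key pair and
     its certificate chain; keyAlias names that entry explicitly. -->
<Connector address="192.0.2.10" port="8443"
           protocol="HTTP/1.1" SSLEnabled="true"
           scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="conf/rsa-keystore.jks"
           keystorePass="REPLACE_WITH_RSA_KEYSTORE_PASSWORD"
           keyAlias="rsa-cert" />

<!-- Connector 2: presents the DSA certificate from its own keystore.
     It listens on a second address here, as in the question; two
     Connectors cannot share the same address and port pair. -->
<Connector address="192.0.2.11" port="8443"
           protocol="HTTP/1.1" SSLEnabled="true"
           scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="conf/dsa-keystore.jks"
           keystorePass="REPLACE_WITH_DSA_KEYSTORE_PASSWORD"
           keyAlias="dsa-cert" />
```

Keeping each private key in its own keystore also lets the two files carry separate passwords and file permissions.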