Tomcat and multiple SSL certs

GM

Is it possible to set up multiple SSL-based sites on Tomcat on one
server? I am investigating having multiple NIC cards and adding an
"address" attribute to map to each IP. I've not had much luck finding
out how to get this done. Anyone have any feedback?
Thanks
GM
 
Michael Scovetta

SSL is directly tied to the IP address, so you can't have
https://site_a and https://site_b where both are on the same IP. I
would try just plugging in both nic cards, get them both working on
the o/s, then set up two connectors, both for ssl, with different
address="..." attributes.

Aside from the normal pain of setting up SSL on Tomcat, this should
work fine. Otherwise, check the Tomcat docs for setting up SSL, I
remember reading something there about this.


Mike Scovetta
 
Juha Laiho

(e-mail address removed) (Michael Scovetta) said:
(e-mail address removed) (GM) wrote in message


SSL is directly tied to the IP address, so you can't have
https://site_a and https://site_b where both are on the same IP. I
would try just plugging in both nic cards, get them both working on
the o/s, then set up two connectors, both for ssl, with different
address="..." attributes.

.... and remember that multiple IPs do not necessarily require multiple
NICs. May depend on the OS, though, but Linux and Solaris at least
have no problems in binding multiple local IP addresses to a single NIC.
 
GM

Here's what I found that works. I'm using Tomcat 4.1.3 on Windows
2000.

<Server port="8005" shutdown="SHUTDOWN" debug="0">
  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
            debug="0"/>
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"
            debug="0"/>
  <Service name="Tomcat-Standalone">
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="80" address="10.10.10.153" minProcessors="5"
               maxProcessors="75" enableLookups="true" acceptCount="100" debug="0"
               connectionTimeout="20000" useURIValidationHack="false"
               disableUploadTimeout="true"/>
    <Engine name="Standalone" defaultHost="10.10.10.153" debug="0">
      <Host name="10.10.10.153" debug="0" appBase="webapps/test"
            unpackWARs="true" autoDeploy="true">
        <Context path="" docBase=""/>
      </Host>
    </Engine>
  </Service>
  <Service name="Tomcat-TEST">
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="80" address="10.10.10.143" minProcessors="5"
               maxProcessors="75" enableLookups="true" acceptCount="100" debug="0"
               connectionTimeout="20000" useURIValidationHack="false"
               disableUploadTimeout="true"/>
    <Engine name="TEST" defaultHost="10.10.10.143" debug="0">
      <Host name="10.10.10.143" debug="0" appBase="webapps/test1"
            unpackWARs="true" autoDeploy="true">
        <Context path="" docBase=""/>
      </Host>
    </Engine>
  </Service>
</Server>


With this config I can use the appropriate IP/NIC combo to connect to
a specific directory within webapps. I now need to see if SSL config
will work. Using only one <Service> would default to the default host
attribute when trying to use 2nd host name. If you guys see any big
issue with this let me know. I'm working down the SSL path. Thanks for
your input.
GM
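
The per-IP SSL layout discussed in this thread, as an added example that is not part of any poster's message: a constructed server.xml fragment with one SSL connector per address, plus a small Python check that each SSL connector is bound to its own address and keystore. Port 443, the keystore paths and the password are placeholder assumptions; the Factory element follows the Tomcat 4.1 Coyote SSL configuration.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from the thread): two Tomcat 4.1-style SSL connectors,
# one per IP, each with its own keystore. Paths and passwords are placeholders.
SAMPLE_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Tomcat-Standalone">
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="443" address="10.10.10.153" scheme="https" secure="true">
      <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
               clientAuth="false" protocol="TLS"
               keystoreFile="conf/site_a.keystore" keystorePass="CHANGE_ME"/>
    </Connector>
  </Service>
  <Service name="Tomcat-TEST">
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="443" address="10.10.10.143" scheme="https" secure="true">
      <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
               clientAuth="false" protocol="TLS"
               keystoreFile="conf/site_b.keystore" keystorePass="CHANGE_ME"/>
    </Connector>
  </Service>
</Server>
"""

def check_ssl_connectors(server_xml):
    """Return a list of problems with the per-IP SSL connector layout."""
    problems, seen_binds, seen_keystores = [], {}, {}
    for service in ET.fromstring(server_xml).iter("Service"):
        for conn in service.findall("Connector"):
            if conn.get("scheme") != "https":
                continue  # plain HTTP connectors are not checked here
            name, addr, port = service.get("name"), conn.get("address"), conn.get("port")
            factory = conn.find("Factory")
            keystore = factory.get("keystoreFile") if factory is not None else None
            if addr is None:
                problems.append(f"{name}: SSL connector has no address, binds every IP")
            if (addr, port) in seen_binds:
                problems.append(f"{name}: {addr}:{port} already used by {seen_binds[(addr, port)]}")
            seen_binds[(addr, port)] = name
            if keystore is None:
                problems.append(f"{name}: no keystoreFile, default keystore is used")
            elif keystore in seen_keystores:
                problems.append(f"{name}: shares {keystore} with {seen_keystores[keystore]}")
            else:
                seen_keystores[keystore] = name
    return problems

if __name__ == "__main__":
    print(check_ssl_connectors(SAMPLE_SERVER_XML) or "each IP has its own SSL connector and keystore")
```

A shared or missing keystoreFile means both addresses present the same certificate, so one of the two site names will fail hostname verification in the browser.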
 
