You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Paul Singleton <pa...@jbgb.com> on 2005/06/05 23:21:55 UTC
5.5.9's choice of certificate from keystore
I believe that a keystore can legitimately contain
many certificates, whether root- or self-signed.
How does (and should) Tomcat 5.5.9 choose which of
many such certificates to offer when a client makes
an HTTPS request?
Is there any way of hinting or telling it which to
use (to help me implement multi-IP-address-based
virtual root-certified HTTPS hosts)?
(Empirically, it seems to pick an arbitrary root
certificate if it can find one, else an arbitrary
self-signed one...)
Paul Singleton
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.6.2 - Release Date: 4/Jun/2005
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: 5.5.9's choice of certificate from keystore
Posted by Bill Barker <wb...@wilshire.com>.
"Paul Singleton" <pa...@jbgb.com> wrote in message
news:42A36CF3.9060002@jbgb.com...
>I believe that a keystore can legitimately contain
> many certificates, whether root- or self-signed.
>
> How does (and should) Tomcat 5.5.9 choose which of
> many such certificates to offer when a client makes
> an HTTPS request?
>
It will use the one with the 'tomcat' alias by default.
> Is there any way of hinting or telling it which to
> use (to help me implement multi-IP-address-based
> virtual root-certified HTTPS hosts)?
>
You can specify the attribute keyAlias="myCertAlias" on the <Connector>
element to tell Tomcat which cert to use.
> (Empirically, it seems to pick an arbitrary root
> certificate if it can find one, else an arbitrary
> self-signed one...)
>
> Paul Singleton
>
>
> --
> No virus found in this outgoing message.
> Checked by AVG Anti-Virus.
> Version: 7.0.323 / Virus Database: 267.6.2 - Release Date: 4/Jun/2005
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org