Posted to users@tomcat.apache.org by Jamie <ja...@stimulussoft.com> on 2010/08/30 17:58:34 UTC
TLS configuration with multiple web apps
Hi There
Our deployment of Tomcat has several web applications, each with their
own cert store. Each web app has a GUI for creating cert requests and
importing certs. We need to configure Tomcat's TLS capability such that
it will authenticate with each web application's certificate store. I
cannot see how to do this from the docs. It seems Tomcat only supports
one cert store for all web applications. Furthermore, there doesn't
appear to be a way to specify a path that is relative to the web app
home directory. Any pointers / workarounds to the above would be most
appreciated.
Jamie
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: TLS configuration with multiple web apps
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: André Warnier [mailto:aw@ice-sa.com]
> Subject: Re: TLS configuration with multiple web apps
> Maybe also to point out a side-effect of multiple connectors
> (and/or multiple tomcats):
> it also means that each site/application would need a different
> port number also.
Or unique IP addresses.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
Re: TLS configuration with multiple web apps
Posted by André Warnier <aw...@ice-sa.com>.
Maybe also to point out a side-effect of multiple connectors (and/or multiple tomcats):
it also means that each site/application would need a different port number also.
Jamie wrote:
> Hi Mark
>
> Thanks for the clarification. Makes sense. Since ISPs are typically
> cost sensitive, each instance should consume a minimal amount of
> resources, i.e. memory footprint, etc. Is there a lot of extra overhead in
> the architecture you describe?
>
> Jamie
>
> On 2010/08/30 6:02 PM, Mark Thomas wrote:
>> On 30/08/2010 16:58, Jamie wrote:
>>
>>> Hi There
>>>
>>> Our deployment of Tomcat has several web applications, each with their
>>> own cert store. Each web app has a GUI for creating cert requests and
>>> importing certs. We need to configure Tomcat's TLS capability such that
>>> it will authenticate with each web application's certificate store. I
>>> cannot see how to do this from the docs. It seems Tomcat only supports
>>> one cert store for all web applications. Furthermore, there doesn't
>>> appear to be a way to specify a path that is relative to the web app
>>> home directory. Any pointers / workarounds to the above would be most
>>> appreciated.
>>>
>> Certificate stores are set per connector. It has to be this way since
>> the SSL connection needs to be established before the request can be
>> parsed and the correct host & context identified.
>>
>> To do what you want to do sounds like you'll need one connector per
>> webapp which equates to one service + connector + engine + host per
>> web app.
>>
>> Mark
Re: TLS configuration with multiple web apps
Posted by Jamie <ja...@stimulussoft.com>.
Hi Mark
Thanks for the clarification. Makes sense. Since ISPs are typically
cost sensitive, each instance should consume a minimal amount of
resources, i.e. memory footprint, etc. Is there a lot of extra overhead in
the architecture you describe?
Jamie
On 2010/08/30 6:02 PM, Mark Thomas wrote:
> On 30/08/2010 16:58, Jamie wrote:
>
>> Hi There
>>
>> Our deployment of Tomcat has several web applications, each with their
>> own cert store. Each web app has a GUI for creating cert requests and
>> importing certs. We need to configure Tomcat's TLS capability such that
>> it will authenticate with each web application's certificate store. I
>> cannot see how to do this from the docs. It seems Tomcat only supports
>> one cert store for all web applications. Furthermore, there doesn't
>> appear to be a way to specify a path that is relative to the web app
>> home directory. Any pointers / workarounds to the above would be most
>> appreciated.
>>
> Certificate stores are set per connector. It has to be this way since
> the SSL connection needs to be established before the request can be
> parsed and the correct host & context identified.
>
> To do what you want to do sounds like you'll need one connector per
> webapp which equates to one service + connector + engine + host per web app.
>
> Mark
RE: TLS configuration with multiple web apps
Posted by "Caldarale, Charles R" <Ch...@unisys.com>.
> From: Mark Thomas [mailto:markt@apache.org]
> Subject: Re: TLS configuration with multiple web apps
> To do what you want to do sounds like you'll need one
> connector per webapp which equates to one service +
> connector + engine + host per web app.
Or perhaps one Tomcat per webapp, which might be a bit simpler to administer.
- Chuck
Re: TLS configuration with multiple web apps
Posted by Mark Thomas <ma...@apache.org>.
On 30/08/2010 16:58, Jamie wrote:
> Hi There
>
> Our deployment of Tomcat has several web applications, each with their
> own cert store. Each web app has a GUI for creating cert requests and
> importing certs. We need to configure Tomcat's TLS capability such that
> it will authenticate with each web application's certificate store. I
> cannot see how to do this from the docs. It seems Tomcat only supports
> one cert store for all web applications. Furthermore, there doesn't
> appear to be a way to specify a path that is relative to the web app
> home directory. Any pointers / workarounds to the above would be most
> appreciated.
Certificate stores are set per connector. It has to be this way since
the SSL connection needs to be established before the request can be
parsed and the correct host & context identified.
To do what you want to do sounds like you'll need one connector per
webapp which equates to one service + connector + engine + host per web app.
Mark
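
The layout described in this thread (one service + connector + engine + host per web app, each connector with its own certificate store) could look like the server.xml sketch below. This is an added example, not part of the original messages or of Tomcat's shipped configuration; the service, engine and directory names, the ports, the keystore paths and the passwords are all assumed placeholders.

```xml
<!-- Added illustration: names, ports, paths and passwords are assumptions. -->
<Server port="8005" shutdown="SHUTDOWN">

  <!-- Web app A: its own Service, Connector, Engine and Host -->
  <Service name="ServiceA">
    <!-- The keystore is a Connector attribute because the TLS handshake
         completes before the request (and so the host/context) is parsed. -->
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="${catalina.base}/stores/appA/keystore.jks"
               keystorePass="PLACEHOLDER_A"/>
    <Engine name="EngineA" defaultHost="localhost">
      <!-- Separate appBase so only web app A is deployed in this Service -->
      <Host name="localhost" appBase="webapps-a"
            unpackWARs="true" autoDeploy="true"/>
    </Engine>
  </Service>

  <!-- Web app B: same structure, different port and certificate store.
       To keep the same port on both, give each Connector a distinct
       address="..." attribute (unique IP addresses) instead. -->
  <Service name="ServiceB">
    <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="${catalina.base}/stores/appB/keystore.jks"
               keystorePass="PLACEHOLDER_B"/>
    <Engine name="EngineB" defaultHost="localhost">
      <Host name="localhost" appBase="webapps-b"
            unpackWARs="true" autoDeploy="true"/>
    </Engine>
  </Service>

</Server>
```

The keystores here sit outside each appBase so they are never under a directory Tomcat deploys from, and each can be given file permissions that let only the Tomcat user read it.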