Posted to dev@tomcat.apache.org by bu...@apache.org on 2016/03/24 17:14:37 UTC
[Bug 59233] New: support unlimited SSL certificates stored in
database or file system without server restart
https://bz.apache.org/bugzilla/show_bug.cgi?id=59233
Bug ID: 59233
Summary: support unlimited SSL certificates stored in database
or file system without server restart
Product: Tomcat 9
Version: 9.0.0.M4
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P2
Component: Connectors
Assignee: dev@tomcat.apache.org
Reporter: javaone9@gmail.com
For a web application that allows users to create business websites and bind
their own domains, all the domains will be mapped to the same IP address, and
one port is used for all. For example,
https://mydomain1.com
https://mydomain2.com
https://mydomain3.com
The number of domains is unlimited.
Each user should be able to upload an SSL certificate for his/her own domain,
and the certificate can be stored in database or file system. Many users are
using the web application at the time, and thus server restart is not
acceptable.
Tomcat9 can provide an SSL provider interface like: getCertificate(domain). How
to get the certificate is up to the provider implementation. SSL should be
configured dynamically at run time without server restart.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 59233] support unlimited SSL certificates stored in database or
file system without server restart
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59233
--- Comment #1 from Mark Thomas <ma...@apache.org> ---
Tomcat doesn't want to get into the details of where the meta-data is stored.
It is already possible to add virtual hosts dynamically. What isn't currently
possible is adding an SSLHostConfig to an Endpoint. That doesn't look too
tricky. I'll take a look.
[Bug 59233] support unlimited SSL certificates stored in database or
file system without server restart
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59233
--- Comment #3 from javaone9@gmail.com ---
From the following example from the Tomcat9 migration guide:
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11AprProtocol"
           maxThreads="150"
           SSLEnabled="true"
           defaultSSLHostConfigName="openoffice.apache.org" >
    <SSLHostConfig hostName="openoffice.apache.org" >
        <Certificate certificateKeyFile="conf/openoffice.apache.org-rsa-key.pem"
                     certificateFile="conf/openoffice.apache.org-rsa-cert.pem"
                     type="RSA" />
        <Certificate certificateKeyFile="conf/openoffice.apache.org-ec-key.pem"
                     certificateFile="conf/openoffice.apache.org-ec-cert.pem"
                     type="EC" />
    </SSLHostConfig>
    <SSLHostConfig hostName="www.openoffice.org" >
        <Certificate certificateKeyFile="conf/www.openoffice.org-rsa-key.pem"
                     certificateFile="conf/www.openoffice.org-rsa-cert.pem"
                     type="RSA" />
        <Certificate certificateKeyFile="conf/www.openoffice.org-ec-key.pem"
                     certificateFile="conf/www.openoffice.org-ec-cert.pem"
                     type="EC" />
    </SSLHostConfig>
</Connector>
Does it require server restart after adding a new domain and its certificate?
Can it be scaled to thousands of domains? The use case is that a web app
allows users (thousands or millions) to bind their own domains and upload SSL
certificates. Can Tomcat9 handle the use case? Thanks.
[Bug 59233] support unlimited SSL certificates stored in database or
file system without server restart
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59233
Mark Thomas <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|NEW |RESOLVED
--- Comment #2 from Mark Thomas <ma...@apache.org> ---
Adding TLS virtual hosts (or in implementation terms SSLHostConfigs to an
Endpoint) dynamically will be supported in 9.0.0.M9 and 8.5.4 onwards.
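An added example, not part of this thread and not Tomcat's own code: one way an application could register an uploaded certificate as a new SSLHostConfig on a running Connector, the capability the thread says is available from 9.0.0.M9 and 8.5.4. It assumes those Tomcat classes are on the classpath and an RSA key pair stored as PEM files; the class DynamicTlsHosts and its methods are hypothetical names.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.List;
import org.apache.catalina.connector.Connector;
import org.apache.coyote.http11.AbstractHttp11Protocol;
import org.apache.tomcat.util.net.SSLHostConfig;
import org.apache.tomcat.util.net.SSLHostConfigCertificate;

/** Hypothetical helper (not a Tomcat class): add a tenant's TLS host at run time. */
public final class DynamicTlsHosts {
    public static void addTlsHost(Connector connector, String hostName,
                                  Path certPem, Path keyPem) throws Exception {
        // Treat the upload as untrusted: the leaf certificate must be currently
        // valid and must name exactly the domain the tenant has bound.
        X509Certificate leaf;
        try (InputStream in = Files.newInputStream(certPem)) {
            leaf = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }
        leaf.checkValidity();
        if (!hasDnsName(leaf, hostName)) {
            throw new IllegalArgumentException("certificate does not cover " + hostName);
        }

        SSLHostConfig host = new SSLHostConfig();
        host.setHostName(hostName);
        // Assumption: the uploaded key pair is RSA, as in the guide's example.
        SSLHostConfigCertificate cert =
                new SSLHostConfigCertificate(host, SSLHostConfigCertificate.Type.RSA);
        cert.setCertificateFile(certPem.toAbsolutePath().toString());
        cert.setCertificateKeyFile(keyPem.toAbsolutePath().toString());
        host.addCertificate(cert);

        // Assumes an HTTP/1.1 connector with SSLEnabled="true"; no restart involved.
        ((AbstractHttp11Protocol<?>) connector.getProtocolHandler()).addSslHostConfig(host);
    }

    private static boolean hasDnsName(X509Certificate cert, String hostName) throws Exception {
        if (cert.getSubjectAlternativeNames() == null) return false;
        for (List<?> san : cert.getSubjectAlternativeNames()) {
            // GeneralName type 2 is dNSName; exact match only, wildcards not expanded.
            if (Integer.valueOf(2).equals(san.get(0))
                    && hostName.equalsIgnoreCase(String.valueOf(san.get(1)))) return true;
        }
        return false;
    }
}
```

The certificate check runs before anything is handed to the connector, so a tenant cannot register a certificate issued for a domain other than the one bound to their account.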