Posted to users@tomcat.apache.org by "Mathias P.W Nilsson" <ma...@snyltarna.se> on 2008/09/22 09:42:09 UTC

Connector problem

Hi!

I have this setup in my server.xml

 <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
            maxThreads="150" scheme="https" secure="true"
            clientAuth="false" sslProtocol="TLS"
            keystoreFile="c:/keystore"
            keystorePass="pass" />

 <Host name="localhost" appBase="webapps"
       unpackWARs="true" autoDeploy="true"
       xmlValidation="false" xmlNamespaceAware="false">
   <Alias>www.alias1.se</Alias>
   <Alias>www.alias1.com</Alias>
   <Alias>www.alias2.com</Alias>
 </Host>


How can I install a connector for each site on the 443 port? My application
is running under ROOT.war. Hibernate is not glad if I run multiple instances.

Now I have an SSL certificate for each alias. How can I get this running?

-- 
View this message in context: http://www.nabble.com/Connector-problem-tp19603189p19603189.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


RE: Connector problem

Posted by Peter Crowther <Pe...@melandra.com>.
> From: Jörg Fröber [mailto:joerg.froeber@indv.de]
> Sorry to kind of hijack this thread, but would it be possible to use one
> of the certificates linked below with tomcat, when only 1 IP and 1
> SSL-Connector is used for different <Host> elements?
>
> http://www.geotrusteurope.com/products/ssl_certificates/true_businessid_mdm.asp
> http://www.positivessl.com/ssl-certificate-products/ssl/multi-domain-ssl-certificate.html

Assuming the browser support is out there then yes, it should be possible.

                - Peter



Re: Connector problem

Posted by Jörg Fröber <jo...@indv.de>.
On 22.09.2008 at 12:17, Peter Crowther <Pe...@melandra.com> wrote:

>> From: Mathias P.W Nilsson [mailto:mathias@snyltarna.se]
>> Let's say I want a user to access the website in this fashion
>>
>> https://www.domain1.com ( SSL from thawte )
>> https://www.domain2.com ( SSL from thawte )
>> https://www.domain1.se ( SSL from thawte )
>>
>> What would I have to do to make this work? I only have one
>> server that is running tomcat 6.
>
> You would have to:
>
> - Obtain and set up 3 different IP addresses for the server;
>
> - Set up DNS to point www.domain1.com to one of the IP addresses,  
> www.domain2.com to another, and www.domain1.se to the third.
>
> - Configure 3 different <Host> elements in your server.xml, each for one  
> of the secure domains;
>
> - Configure each <Host> to use the appropriate certificate from your  
> keystore(s).  This is no harder than configuring one Host for SSL, you  
> just need to do it three times :-).
>
>                 - Peter
>


Sorry to kind of hijack this thread, but would it be possible to use one  
of the certificates linked below with tomcat, when only 1 IP and 1  
SSL-Connector is used for different <Host> elements?

http://www.geotrusteurope.com/products/ssl_certificates/true_businessid_mdm.asp
http://www.positivessl.com/ssl-certificate-products/ssl/multi-domain-ssl-certificate.html


Jörg



RE: Connector problem

Posted by Peter Crowther <Pe...@melandra.com>.
> From: Mathias P.W Nilsson [mailto:mathias@snyltarna.se]
> When a user accesses www.domain1.se then I read the HTTPServletRequest host
> name to see what site he/she wants to access. This is because I do not want
> 3 hibernate access to the same database because that won't work. I would get
> a lot of exceptions from hibernate if an entity is changed in one domain and
> not the other.
>
> So, can I set up the server in the way I have done now? If I use 3 different
> hosts, how can this point to the same war file without loading the war file
> twice?

I am not aware of any way of doing this, unless you re-architect the application so that all Hibernate access is done in classes that are only loaded once.  However, I'm not a Tomcat expert and there may be ways round the problem!

                - Peter



RE: Connector problem

Posted by "Mathias P.W Nilsson" <ma...@snyltarna.se>.
Ok thanks!

The problem is that I need the host to run under the same tomcat instance.

When a user accesses www.domain1.se then I read the HTTPServletRequest host
name to see what site he/she wants to access. This is because I do not want
3 hibernate access to the same database because that won't work. I would get
a lot of exceptions from hibernate if an entity is changed in one domain and
not the other.

So, can I set up the server in the way I have done now? If I use 3 different
hosts, how can this point to the same war file without loading the war file
twice?


RE: Connector problem

Posted by Peter Crowther <Pe...@melandra.com>.
> From: Mathias P.W Nilsson [mailto:mathias@snyltarna.se]
> Let's say I want a user to access the website in this fashion
>
> https://www.domain1.com ( SSL from thawte )
> https://www.domain2.com ( SSL from thawte )
> https://www.domain1.se ( SSL from thawte )
>
> What would I have to do to make this work? I only have one
> server that is running tomcat 6.

You would have to:

- Obtain and set up 3 different IP addresses for the server;

- Set up DNS to point www.domain1.com to one of the IP addresses, www.domain2.com to another, and www.domain1.se to the third.

- Configure 3 different <Host> elements in your server.xml, each for one of the secure domains;

- Configure each <Host> to use the appropriate certificate from your keystore(s).  This is no harder than configuring one Host for SSL, you just need to do it three times :-).

                - Peter



Re: Connector problem

Posted by "Mathias P.W Nilsson" <ma...@snyltarna.se>.
OK!

What would that setup look like?

Let's say I want a user to access the website in this fashion

https://www.domain1.com ( SSL from thawte )
https://www.domain2.com ( SSL from thawte )
https://www.domain1.se ( SSL from thawte )

What would I have to do to make this work? I only have one server that is
running tomcat 6. 

I would like to keep the settings in server.xml if that is possible. I read
on some other thread that you could use different ports for the connector.
How does this fit in the picture of letting the user enter https://? The
user would not know the port to connect to.

// Mathias


Re: Connector problem

Posted by Mark Thomas <ma...@apache.org>.
Mathias P.W Nilsson wrote:
> Hi!
> 
> I have this setup in my server.xml
> 
>  <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
>             maxThreads="150" scheme="https" secure="true"
>             clientAuth="false" sslProtocol="TLS"
>             keystoreFile="c:/keystore"
>             keystorePass="pass" />
>
>  <Host name="localhost" appBase="webapps"
>        unpackWARs="true" autoDeploy="true"
>        xmlValidation="false" xmlNamespaceAware="false">
>    <Alias>www.alias1.se</Alias>
>    <Alias>www.alias1.com</Alias>
>    <Alias>www.alias2.com</Alias>
>  </Host>
>
>
> How can I install a connector for each site on the 443 port? My application
> is running under ROOT.war. Hibernate is not glad if I run multiple instances.
>
> Now I have an SSL certificate for each alias. How can I get this running?

You can't. You can only have one certificate per connector. In some cases
you might be able to use a wildcard cert (*.foo.bar) but that doesn't look
like it will work for you.

Options:
 - pick one of the domains to be the main domain and then redirect all the
others to that one
 - install multiple connectors on different port/ip combinations

Mark



