Posted to users@tomcat.apache.org by "Mathias P.W Nilsson" <ma...@snyltarna.se> on 2008/09/22 09:42:09 UTC
Connector problem
Hi!
I have this setup in my server.xml
<Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="c:/keystore"
           keystorePass="pass" />
<Host name="localhost" appBase="webapps"
      unpackWARs="true" autoDeploy="true"
      xmlValidation="false" xmlNamespaceAware="false">
  <Alias>www.alias1.se</Alias>
  <Alias>www.alias1.com</Alias>
  <Alias>www.alias2.com</Alias>
</Host>
How can I install a connector for each site on the 443 port? My application
is running under ROOT.war. Hibernate is not glad if I run multiple instances.
Now I have an SSL certificate for each alias. How can I get this running?
--
View this message in context: http://www.nabble.com/Connector-problem-tp19603189p19603189.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Connector problem
Posted by Peter Crowther <Pe...@melandra.com>.
> From: Jörg Fröber [mailto:joerg.froeber@indv.de]
> Sorry to kind of hijack this thread, but would it be possible to use one
> of the certificates linked below with tomcat, when only 1 IP and 1
> SSL-Connector is used for different <Host> elements?
>
> http://www.geotrusteurope.com/products/ssl_certificates/true_businessid_mdm.asp
> http://www.positivessl.com/ssl-certificate-products/ssl/multi-domain-ssl-certificate.html
Assuming the browser support is out there then yes, it should be possible.
- Peter
---------------------------------------------------------------------
Re: Connector problem
Posted by Jörg Fröber <jo...@indv.de>.
On 22.09.2008 at 12:17, Peter Crowther <Pe...@melandra.com> wrote:
>> From: Mathias P.W Nilsson [mailto:mathias@snyltarna.se]
>> Let's say I want a user to access the website in this fashion
>>
>> https://www.domain1.com ( SSL from thawte )
>> https://www.domain2.com ( SSL from thawte )
>> https://www.domain1.se ( SSL from thawte )
>>
>> What would I have to do to make this work? I only have one
>> server that is running tomcat 6.
>
> You would have to:
>
> - Obtain and set up 3 different IP addresses for the server;
>
> - Set up DNS to point www.domain1.com to one of the IP addresses,
> www.domain2.com to another, and www.domain1.se to the third.
>
> - Configure 3 different <Host> elements in your server.xml, each for one
> of the secure domains;
>
> - Configure each <Host> to use the appropriate certificate from your
> keystore(s). This is no harder than configuring one Host for SSL, you
> just need to do it three times :-).
>
> - Peter
>
Sorry to kind of hijack this thread, but would it be possible to use one
of the certificates linked below with tomcat, when only 1 IP and 1
SSL-Connector is used for different <Host> elements?
http://www.geotrusteurope.com/products/ssl_certificates/true_businessid_mdm.asp
http://www.positivessl.com/ssl-certificate-products/ssl/multi-domain-ssl-certificate.html
Jörg
---------------------------------------------------------------------
RE: Connector problem
Posted by Peter Crowther <Pe...@melandra.com>.
> From: Mathias P.W Nilsson [mailto:mathias@snyltarna.se]
> When a user accesses www.domain1.se then I read the HTTPServletRequest host
> name to see what site he/she wants to access. This is because I do not want
> 3 hibernate access to the same database because that won't work. I would get
> a lot of exceptions from hibernate if an entity is changed in one domain and
> not the other.
>
> So, can I set up the server in the way I have done now? If I use 3 different
> hosts, how can this point to the same war file without loading the war file
> twice?
I am not aware of any way of doing this, unless you re-architect the application so that all Hibernate access is done in classes that are only loaded once. However, I'm not a Tomcat expert and there may be ways round the problem!
- Peter
---------------------------------------------------------------------
RE: Connector problem
Posted by "Mathias P.W Nilsson" <ma...@snyltarna.se>.
Ok thanks!
The problem is that I need the host to run under the same tomcat instance.
When a user accesses www.domain1.se then I read the HTTPServletRequest host
name to see what site he/she wants to access. This is because I do not want
3 hibernate access to the same database because that won't work. I would get
a lot of exceptions from hibernate if an entity is changed in one domain and
not the other.
So, can I set up the server in the way I have done now? If I use 3 different
hosts, how can this point to the same war file without loading the war file
twice?
--
View this message in context: http://www.nabble.com/Connector-problem-tp19603189p19605213.html
---------------------------------------------------------------------
RE: Connector problem
Posted by Peter Crowther <Pe...@melandra.com>.
> From: Mathias P.W Nilsson [mailto:mathias@snyltarna.se]
> Let's say I want a user to access the website in this fashion
>
> https://www.domain1.com ( SSL from thawte )
> https://www.domain2.com ( SSL from thawte )
> https://www.domain1.se ( SSL from thawte )
>
> What would I have to do to make this work? I only have one
> server that is running tomcat 6.
You would have to:
- Obtain and set up 3 different IP addresses for the server;
- Set up DNS to point www.domain1.com to one of the IP addresses, www.domain2.com to another, and www.domain1.se to the third.
- Configure 3 different <Host> elements in your server.xml, each for one of the secure domains;
- Configure each <Host> to use the appropriate certificate from your keystore(s). This is no harder than configuring one Host for SSL, you just need to do it three times :-).
- Peter
---------------------------------------------------------------------
Re: Connector problem
Posted by "Mathias P.W Nilsson" <ma...@snyltarna.se>.
OK!
What would that setup look like?
Let's say I want a user to access the website in this fashion
https://www.domain1.com ( SSL from thawte )
https://www.domain2.com ( SSL from thawte )
https://www.domain1.se ( SSL from thawte )
What would I have to do to make this work? I only have one server that is
running tomcat 6.
I would like to keep the settings in server.xml if that is possible. I read
on some other thread that you could use different ports for the connector.
How does this fit in the picture of letting the user enter https://? The
user would not know the port to connect to.
// Mathias
--
View this message in context: http://www.nabble.com/Connector-problem-tp19603189p19604968.html
---------------------------------------------------------------------
Re: Connector problem
Posted by Mark Thomas <ma...@apache.org>.
Mathias P.W Nilsson wrote:
> Hi!
>
> I have this setup in my server.xml
>
> <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
> maxThreads="150" scheme="https" secure="true"
> clientAuth="false" sslProtocol="TLS"
> keystoreFile="c:/keystore"
> keystorePass="pass" />
>
> <Host name="localhost" appBase="webapps"
> unpackWARs="true" autoDeploy="true"
> xmlValidation="false" xmlNamespaceAware="false">
> <Alias>www.alias1.se</Alias>
> <Alias>www.alias1.com</Alias>
> <Alias>www.alias2.com</Alias>
> </Host>
>
>
> How can I install a connector for each site on the 443 port? My application
> is running under ROOT.war. Hibernate is not glad if I run multiple instances.
>
> Now I have an SSL certificate for each alias. How can I get this running?
You can't. You can only have one certificate per connector. In some cases
you might be able to use a wildcard cert (*.foo.bar) but that doesn't look
like it will work for you.
Options:
- pick one of the domains to be the main domain and then redirect all the
others to that one
- install multiple connectors on different port/ip combinations
Mark
---------------------------------------------------------------------