01:02.32 | campee | jasonb: i have a tomcat server with a single IP address and a single SSL certificate. my SSL certificate uses "subject alternate names". it has a primary domain that it's for and several alternative names that are listed on the cert. that part works fine, with one big exception: versions of android prior to 2.3 don't process the subject alternate names in the certificate properly and get a cert error |
01:03.06 | campee | actually, the issue occurs on 2.3 as well. it's an older version but i want to make sure that no one gets an exception, regardless of whether their phone is out of date |
01:03.46 | campee | so my "fix" for the issue would be to buy multiple SSL certs for each domain and install them on my tomcat server. but since it only has one IP address, i'm thinking i would need to add IP addresses to my tomcat server to satisfy the one SSL cert per IP address limitation that i suspect will be imposed upon me |
01:04.47 | campee | i've read about RFC 3546 and server name indication but not all browsers support this method of using multiple ssl certs with the same ip address, so i don't think it's a valid option.. i doubt the older versions of android will support it and i'll be back to square one |
01:06.55 | campee | i know that in apache httpd you can't use more than one ssl cert with a virtual host, and you can't have more than one ssl enabled virtual host associated with the same ip address, even if they're listening on different ports |
01:07.45 | campee | so my question is whether the same limitation is present in tomcat (5.5, specifically) that is present in apache httpd as far as ssl certs and a single ip address on your server |
01:09.04 | campee | in case i wasn't clear, my server with the SSL cert with subject alternate names is responsible for handling multiple domains, so a wild-card cert is not an option (domain1.com, domain2.com, etc) |
01:30.42 | jasonb | campee: Okay. Well, first, you really need to stop using Tomcat 5.5. There are so many reasons for that, I can't list them all. |
01:31.26 | jasonb | campee: And, if you can't use a wildcard cert (you can't), then you'd need to do it some other way. |
01:32.49 | jasonb | campee: You could add 1 IP address for each domain to your server, then configure one Tomcat <Connector> for each, each Connector having its own cert.. if that works. |
01:36.07 | jasonb | campee: This might also work: I suppose you could have a single server IP address, put all your certs in a single keystore that is configured in a single HTTPS <Connector>, and then when a request is handled, the cert with the request's server hostname in the cert would be served/used. |