通过连接器为同一Tomcat应用程序提供不同的证书？ [英] Serve different certs for same Tomcat application via connectors?

问题描述

在有限的时间内，我们必须从两个不同的域名提供相同的Tomcat 6网络应用程序。两个域都需要提供HTTPS - 技术上是否可以使用连接器（或其他方法）为同一个应用程序提供不同的证书？

For a limited time, we have to serve the same Tomcat 6 web application from two different domain names. Both domains need to be served HTTPS - is it technically possible to handle serving different certs for the same app using connectors (or other method)?

另一个选项试图避免）是处理应用程序上游的cert传递。

The other option (which we are trying to avoid) is to handle the cert delivery upstream of the application.

TIA，

Geoff

推荐答案

有3种方法可以做到这一点，

There are 3 ways to do this,

1. up 2个连接器绑定到每个IP。这是最干净的解决方案。

1. Get 2 IPs for the same host and set up 2 connectors bound to each IP. This is cleanest solution.

获取SAN（主题备用名称）的证书。这基本上是一个拥有2个主机名的证书。

Get a cert with SAN (Subject Alternative Name). This is basically a cert with 2 hostnames. Some real old browser and Java 1.5 earlier doesn't support SAN.

另一种在同一个IP上使用2个证书的方法是使用SNI（服务器名称指示）扩展TLS。不幸的是，JSSE不支持。如果您可以在Tomcat前运行Apache httpd，您可以使用此功能。

Another way to use 2 certs on the same IP is to use SNI (Server Name Indication) extension of TLS. Unfortunately, this is not supported by JSSE. If you can run an Apache httpd in front of the Tomcat, you can use this feature.

这篇关于通过连接器为同一Tomcat应用程序提供不同的证书？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！