Using multiple SSL certificates in Tomcat 7

Question

I've been using a wildcard SSL certificate in Apache Tomcat 7. But now that I have to renew, I see there are these EV (extended verification) SSL certificates where browsers show a nice green bar so users feel better. That would be important for my site, so I want it! But I have multiple subdomains and apparently EV SSL certificates are NOT wildcard by nature. So ok, I have a set number of subdomains, I can just buy a bunch (I definitely need at least 2) EV SSL certificates for each subdomain.

Can I set this up in Tomcat 7 so that there are multiple SSL certificates on 1 web application? It's not a problem for me to assign multiple IP addresses to this machine.

Recommended answer

Without Server Name Indication (SNI), which is not supported in Java (6), you need one certificate per IP address.

You can use the address attribute.

For example:

<Connector 
       port="8443" maxThreads="200" address="10.0.0.1"
       scheme="https" secure="true" SSLEnabled="true"
       keystoreFile="keystore1.jks" keystorePass="..."
       clientAuth="false" sslProtocol="TLS"/>
<Connector 
       port="8443" maxThreads="200" address="10.0.0.2"
       scheme="https" secure="true" SSLEnabled="true"
       keystoreFile="keystore2.jks" keystorePass="..."
       clientAuth="false" sslProtocol="TLS"/>

You may also be able to use the same keystore, if you need, and use the keyAlias attribute (in Connector) to tell the connector which key/certificate to use (based on the alias name in the keystore).
