Tomcat 8.5 multiple domains using multiple certificate stores
We had a working setup using multiple domains sharing a certificate. But now the setup is changed to use different certificates for the different domains.
<Server>
  <!-- other non-changed stuff -->
  <Service name="Catalina">
    <!-- Plain HTTP connector, redirects to the TLS connector on 443 -->
    <Connector port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="443" />
    <!-- TLS connector: one SSLHostConfig per SNI host name, each with its own keystore -->
    <Connector
        port="443"
        clientAuth="false"
        protocol="org.apache.coyote.http11.Http11NioProtocol"
        maxThreads="200"
        enableLookups="false"
        SSLEnabled="true"
        scheme="https"
        secure="true"
        defaultSSLHostConfigName="stuff.company.com">
      <SSLHostConfig hostName="stuff.company.com">
        <Certificate
            certificateKeyAlias="stuff"
            certificateKeystoreType="JKS"
            certificateKeystoreFile="/conf/certs/stuff.company.com.jks"
            certificateKeystorePassword="[redacted]"
            certificateKeyPassword="[redacted]"
            type="RSA"
        />
      </SSLHostConfig>
      <SSLHostConfig hostName="things.company2.com">
        <Certificate
            certificateKeystoreFile="conf/certs/things.company2.com.jks"
            certificateKeystorePassword="[redacted]"
            certificateKeyPassword="[redacted]"
            type="RSA"
        />
      </SSLHostConfig>
    </Connector>
    <Engine>
      <!-- One virtual host per domain, each with its own appBase and access log -->
      <Host name="stuff.company.com" appBase="webapps/stuff-company-com">
        <Context path="" cookies="false" docBase=""/>
        <Alias>stuff.company.com</Alias>
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="stuff.company.com_access_log." suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
      </Host>
      <Host name="things.company2.com" appBase="webapps/things-company2-com">
        <Context path="" cookies="false" docBase=""/>
        <Alias>things.company2.com</Alias>
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="things.company2.com_access_log." suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
      </Host>
    </Engine>
  </Service>
</Server>
Notes:
We changed clientAuth (deprecated) to certificateVerification (current way of doing things), which prevents all problems that can emerge from "If this SSLHostConfig element is not explicitly defined, it will be created", which has been discussed elsewhere on Stack Overflow.
Lessons learned are probably to first make sure everything is ported to the new way of doing things. In this case the new way of setting up a Connector. And after that proceed with whatever feature should be implemented.
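A pre-deployment check for the condition the notes describe, written as an added example rather than code from the original post: it flags a TLS Connector that still carries deprecated Connector-level attributes next to explicit SSLHostConfig elements, and a defaultSSLHostConfigName that matches no SSLHostConfig. The function name `lint_connectors` and the attribute table are assumptions of this example; the table is a partial list, and the sample XML is constructed from the Connector shown above.

```python
import xml.etree.ElementTree as ET

# Connector-level TLS attributes deprecated in Tomcat 8.5, mapped to their
# replacements. Partial list, chosen for this example (assumption).
DEPRECATED = {
    "clientAuth": "SSLHostConfig/@certificateVerification",
    "keystoreFile": "Certificate/@certificateKeystoreFile",
    "keystorePass": "Certificate/@certificateKeystorePassword",
    "keyAlias": "Certificate/@certificateKeyAlias",
    "keyPass": "Certificate/@certificateKeyPassword",
}

def lint_connectors(server_xml):
    """Return a list of findings for the TLS Connectors in a server.xml string."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        port = conn.get("port", "?")
        # An SSLHostConfig without hostName is the _default_ one.
        hosts = [h.get("hostName", "_default_").lower()
                 for h in conn.findall("SSLHostConfig")]
        if not hosts:
            continue  # purely legacy connector, nothing to mix
        for attr in sorted(set(conn.attrib) & set(DEPRECATED)):
            findings.append(f"port {port}: deprecated '{attr}' next to "
                            f"SSLHostConfig, use {DEPRECATED[attr]}")
        default = conn.get("defaultSSLHostConfigName", "_default_").lower()
        if default not in hosts:
            findings.append(f"port {port}: defaultSSLHostConfigName "
                            f"'{default}' matches no SSLHostConfig")
        for dup in sorted({h for h in hosts if hosts.count(h) > 1}):
            findings.append(f"port {port}: duplicate SSLHostConfig '{dup}'")
    return findings

# Constructed sample, abridged from the Connector on this page.
BEFORE = """<Server><Service name="Catalina">
  <Connector port="443" SSLEnabled="true" clientAuth="false"
             defaultSSLHostConfigName="stuff.company.com">
    <SSLHostConfig hostName="stuff.company.com"/>
    <SSLHostConfig hostName="things.company2.com"/>
  </Connector>
</Service></Server>"""
# Same Connector after moving clientAuth="false" to certificateVerification="none".
AFTER = BEFORE.replace(' clientAuth="false"', "").replace(
    '.com"/>', '.com" certificateVerification="none"/>')

if __name__ == "__main__":
    for name, doc in (("before", BEFORE), ("after", AFTER)):
        print(name, lint_connectors(doc) or "clean")
```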