I have got two DNS entries for the same IP address. And I have two ssl keystores for each one of them. Can I mention both the keystores in server.xml as shown below ?
<Connector address="my_IP_Addres" port="443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
enableLookups="true" disableUploadTimeout="true"
keystoreFile="1st_keystore_file" keystorePass="1st_key_pass"
clientAuth="false" sslProtocol="SSL" />
<Connector address="my_IP_Addres" port="443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
enableLookups="true" disableUploadTimeout="true"
keystoreFile="2nd_keystore_file" keystorePass="2nd_key_pass"
clientAuth="false" sslProtocol="SSL" />
No, you cannot use several connectors to single endpoint with Tomcat. HTTPS is HTTP over SSL. It means
DNS entries (host->IP) in your case allows client to resolve server IP before SSL handshake. But during handshake hostnames are not used. This is why server cannot resolve which key/cert pair to use on this phase. And this is the cause, why the only key/cert pair can be provided.
See HTTPS limitations for more details.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.