I am trying to configure multiple SSL certificates on Tomcat 8.5 using a single IP. My relevant server.xml looks like this:
<Connector port="9090" protocol="HTTP/1.1"
           connectionTimeout="20000"
           URIEncoding="UTF-8"
           redirectPort="9443" />
<Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true" hostName="firstnationalsculpturepark.com"
           clientAuth="false" sslProtocol="TLS" defaultSSLHostConfigName="firstnationalsculpturepark.com">
    <SSLHostConfig hostname="firstnationalsculpturepark.com">
        <Certificate
            certificateKeystoreFile="/apache/conf/twinfeats.keystore"
            certificateKeystorePassword="xxxxxxx"
            certificateKeyAlias="firstnationalsculpturepark"
        />
    </SSLHostConfig>
</Connector>
On startup, the following is logged:
03-Aug-2016 16:47:04.541 WARNING [main] org.apache.catalina.startup.SetAllPropertiesRule.begin [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'hostName' to 'firstnationalsculpturepark.com' did not find a matching property.
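I am not sure what I am doing wrong, since the Tomcat 8.5 documentation lists the hostName attribute as an attribute of SSLHostConfig. (The above error leads to an error when trying to find the default keystore file, because it is not using the one I specified, but that is expected.)
Answer 0: (score: 3)
I have multiple SSLConfigs working, but note that "hostname" on the SSLHostConfig above should have a capital 'N', e.g. hostName. PLUS... I had to upgrade to Tomcat 8.5.13 (the latest), as it did not seem to work with the 8.5.4 I was using at the time.
My example for others: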
<Connector port="443"
           ............
           scheme="https" secure="true" SSLEnabled="true"
           defaultSSLHostConfigName="mydomain.com">
    <SSLHostConfig hostName="mydomain.com"
                   certificateVerification="false">
        <Certificate
            certificateKeystoreFile="my.ks"
            certificateKeystorePassword="password"
            certificateKeyAlias="cert1"/>
    </SSLHostConfig>
    <SSLHostConfig hostName="mydomain2.com"
                   certificateVerification="false">
        <Certificate
            certificateKeystoreFile="my.ks"
            certificateKeystorePassword="password"
            certificateKeyAlias="cert2"/>
    </SSLHostConfig>
</Connector>
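A pre-deployment check for the two mistakes discussed in this thread (a `hostName` attribute on the Connector, and a miscased `hostname` on SSLHostConfig), plus the follow-on mismatch with `defaultSSLHostConfigName`. This is an added example, not code from the question or the answer; the function name `lint_connectors`, the sample hosts and the case-insensitive host comparison are assumptions, and it relies on Tomcat's documented default SSLHostConfig name `_default_`.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the question's server.xml (values are placeholders).
SAMPLE = """<Service>
  <Connector port="9443" SSLEnabled="true" hostName="a.example"
             defaultSSLHostConfigName="a.example">
    <SSLHostConfig hostname="a.example">
      <Certificate certificateKeystoreFile="conf/sample.keystore"
                   certificateKeystorePassword="changeit"
                   certificateKeyAlias="a"/>
    </SSLHostConfig>
  </Connector>
</Service>"""

def lint_connectors(xml_text):
    """Return a list of findings for the TLS connectors in a server.xml fragment."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        port = conn.get("port", "?")
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, nothing to check
        # The startup warning on this page: Connector has no hostName property.
        for attr in conn.attrib:
            if attr.lower() == "hostname":
                findings.append(f"port {port}: '{attr}' is not a Connector attribute")
        names = set()
        for host in conn.findall("SSLHostConfig"):
            # Attribute names are case-sensitive; only 'hostName' is picked up.
            for attr in host.attrib:
                if attr.lower() == "hostname" and attr != "hostName":
                    findings.append(f"port {port}: SSLHostConfig uses '{attr}', expected 'hostName'")
            # An SSLHostConfig whose hostName was not set is named _default_.
            name = host.get("hostName", "_default_").lower()
            if name in names:
                findings.append(f"port {port}: duplicate SSLHostConfig '{name}'")
            names.add(name)
            if host.find("Certificate") is None:
                findings.append(f"port {port}: SSLHostConfig '{name}' has no Certificate")
        default = conn.get("defaultSSLHostConfigName", "_default_").lower()
        if names and default not in names:
            findings.append(f"port {port}: defaultSSLHostConfigName '{default}' matches no SSLHostConfig")
    return findings

if __name__ == "__main__":
    for finding in lint_connectors(SAMPLE):
        print(finding)
```

On the constructed sample it reports three findings: the stray Connector attribute, the miscased SSLHostConfig attribute, and the resulting default-host mismatch.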