Tomcat 9:如何支持数百万个SSL证书?

时间:2018-10-11 00:58:10

标签: ssl dynamic ssl-certificate virtualhost tomcat8

Tomcat 9:如何支持数百万个SSL证书?

最好将所有SSL证书都放入数据库中,并允许用户为新的虚拟主机添加新证书。

当前,所有SSL连接器都必须在server.xml中进行静态配置。

<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11AprProtocol"
           maxThreads="150"
           SSLEnabled="true"
           defaultSSLHostConfigName="openoffice.apache.org" >
    <SSLHostConfig hostName="openoffice.apache.org" >
        <Certificate certificateKeyFile="conf/openoffice.apache.org-rsa-key.pem"
                     certificateFile="conf/openoffice.apache.org-rsa-cert.pem"
                     type="RSA" />
        <Certificate certificateKeyFile="conf/openoffice.apache.org-ec-key.pem"
                     certificateFile="conf/openoffice.apache.org-ec-cert.pem"
                     type="EC" />
    </SSLHostConfig>
    <SSLHostConfig hostName="www.openoffice.org" >
        <Certificate certificateKeyFile="conf/www.openoffice.org-rsa-key.pem"
                     certificateFile="conf/www.openoffice.org-rsa-cert.pem"
                     type="RSA" />
        <Certificate certificateKeyFile="conf/www.openoffice.org-ec-key.pem"
                     certificateFile="conf/www.openoffice.org-ec-cert.pem"
                     type="EC" />
    </SSLHostConfig>
</Connector>

是否有自定义方式来处理SSL证书?基本上如何动态添加SSLHostConfig?

0 个答案:

没有答案
相关问题
最新问题