Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

0 votes
412 views
in Technique by (71.8m points)

lets encrypt - Apache Tomcat 9 multi domain SSL certs fail using one server

Tomcat version: Apache Tomcat/9.0.24
JVM version: 11.0.9.1+1-Ubuntu-0ubuntu1.18.04

I have 2 domains being served by the Tomcat server.
I have a wildcard certificate for each one: *.abc.co.za and *.defx.co.za.
With the server.xml configuration below I always get only the *.defx.co.za certificate, even though I queried the abc.co.za domain.
Swapping the connectors around produces the other certificate.
I do not seem to be able to produce a different certificate for each end-point visited!

The documentation does not seem to be good on this issue.

/opt/tomcat/conf/server.xml

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
        maxThreads="150" SSLEnabled="true" defaultSSLHostConfigName="defx.co.za">
        <SSLHostConfig HostName="defx.co.za">
            <Certificate certificateFile="conf/cert.pem"
                 certificateKeyFile="conf/privkey.pem"
                 certificateChainFile="conf/chain.pem" />
        </SSLHostConfig>
        <SSLHostConfig HostName="*.defx.co.za">
            <Certificate certificateFile="conf/cert.pem"
                 certificateKeyFile="conf/privkey.pem"
                 certificateChainFile="conf/chain.pem" />
         </SSLHostConfig>
    </Connector>
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
        maxThreads="150" SSLEnabled="true" defaultSSLHostConfigName="abc.co.za">
         <SSLHostConfig HostName="abc.co.za">
            <Certificate certificateFile="conf/abc-cert.pem"
                 certificateKeyFile="conf/abc-privkey.pem"
                 certificateChainFile="conf/abc-chain.pem" />
        </SSLHostConfig>
         <SSLHostConfig HostName="*.abc.co.za">
            <Certificate certificateFile="conf/abc-cert.pem"
                 certificateKeyFile="conf/abc-privkey.pem"
                 certificateChainFile="conf/abc-chain.pem" />
        </SSLHostConfig>
    </Connector>
question from:https://stackoverflow.com/questions/65886618/apache-tomcat-9-multi-domain-ssl-certs-fail-using-one-server
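
Added example, not part of the original question and not taken from the Tomcat project: two Connector elements cannot both bind port 8443, so only one connector's certificates are ever served. Per-domain certificates are selected by SNI when all SSLHostConfig elements sit inside a single connector. The file names are the ones from the question, and hostName is the attribute spelling used in the Tomcat configuration reference.

```xml
<!-- Added example: a single connector on 8443. Tomcat chooses the
     SSLHostConfig whose hostName matches the SNI name sent by the client. -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true"
           defaultSSLHostConfigName="defx.co.za">

    <!-- Default entry: also used when the client sends no SNI name
         or a name that matches none of the entries below. -->
    <SSLHostConfig hostName="defx.co.za">
        <Certificate certificateFile="conf/cert.pem"
                     certificateKeyFile="conf/privkey.pem"
                     certificateChainFile="conf/chain.pem" />
    </SSLHostConfig>
    <SSLHostConfig hostName="*.defx.co.za">
        <Certificate certificateFile="conf/cert.pem"
                     certificateKeyFile="conf/privkey.pem"
                     certificateChainFile="conf/chain.pem" />
    </SSLHostConfig>

    <!-- Second domain: same connector, its own certificate files. -->
    <SSLHostConfig hostName="abc.co.za">
        <Certificate certificateFile="conf/abc-cert.pem"
                     certificateKeyFile="conf/abc-privkey.pem"
                     certificateChainFile="conf/abc-chain.pem" />
    </SSLHostConfig>
    <SSLHostConfig hostName="*.abc.co.za">
        <Certificate certificateFile="conf/abc-cert.pem"
                     certificateKeyFile="conf/abc-privkey.pem"
                     certificateChainFile="conf/abc-chain.pem" />
    </SSLHostConfig>
</Connector>
```

To check the result, `openssl s_client -connect <host>:8443 -servername abc.co.za` should present the abc certificate, and the same command with `-servername defx.co.za` the defx one (`<host>` is a placeholder for the server address).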


1 Answer

0 votes
by (71.8m points)
Waiting for answers
