Multiple SSL Certificates in Single Keystore File Possible?

Ed James
Greenhorn

Joined: Feb 10, 2010
Posts: 7
I have an Apache Tomcat 6.0 server hosting 3 sites (all internal on a test subnet), all of which require SSL. Is it possible to have 3 different SSL certs imported into my single .keystore file? If so, how do I specify what site uses what certificate? I've read about the keyAlias parameter but I can't seem to get it to work. I could use a wildcard cert if they all had the same domain suffix but they do not (for example, I have https://mysite.mydomain.org, https://myservername, https://myserverIP).

Any information would be appreciated.

Thanks
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 15632

I think a bigger problem is that the way SSL works allows only one cert per server machine (or server IP?). So the limitation isn't in J2EE, it's in SSL as a whole.


Customer surveys are for companies who didn't pay proper attention to begin with.
Harri Kw
Greenhorn

Joined: Oct 11, 2013
Posts: 2
Were you able to resolve this issue?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39544
Tim Holloway wrote: I think a bigger problem is that the way SSL works allows only one cert per server machine (or server IP?).

I think it's one certificate per IP address.


Ping & DNS - updated with new look and Ping home screen widget
Daya Moon
Greenhorn

Joined: Aug 06, 2013
Posts: 4
Yes,
to import use
keytool -importcert -file your1st.crt -alias 1st.site.com -keystore TheKeyStore.keystore -storepass pass
keytool -importcert -file your2nd.crt -alias 2ndt.site.com -keystore TheKeyStore.keystore -storepass pass

to list the certificates
keytool -list -v -keystore TheKeyStore.keystore -storepass pass
Harri Kw
Greenhorn

Joined: Oct 11, 2013
Posts: 2
Daya Moon wrote: Yes,
to import use
keytool -importcert -file your1st.crt -alias 1st.site.com -keystore TheKeyStore.keystore -storepass pass
keytool -importcert -file your2nd.crt -alias 2ndt.site.com -keystore TheKeyStore.keystore -storepass pass

to list the certificates
keytool -list -v -keystore TheKeyStore.keystore -storepass pass



Yes, but you're not allowed to use the same port with different aliases.
The application would be using the same service with different cnames.
Unless I'm missing something here.
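
Added example, not part of any post in this thread: a server.xml fragment showing how the keyAlias attribute from the original question ties each entry of one shared keystore to its own Tomcat 6 connector, with each connector bound to its own IP address as the replies above describe. The two IP addresses and the keystore location are assumptions; the aliases, keystore file name and password are the ones used in the keytool commands above.

```xml
<!-- Added example (constructed). Place inside <Service name="Catalina"> in conf/server.xml.
     One keystore file, two HTTPS connectors. Each connector listens on its own
     IP address and names the keystore entry it serves with keyAlias.
     Assumptions: the addresses (192.0.2.x is a documentation range) and the
     keystore path under ${catalina.base}/conf. -->

<!-- Site 1: serves the entry stored under alias 1st.site.com -->
<Connector address="192.0.2.10" port="8443"
           protocol="HTTP/1.1" SSLEnabled="true"
           scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="${catalina.base}/conf/TheKeyStore.keystore"
           keystorePass="pass"
           keyAlias="1st.site.com" />

<!-- Site 2: same keystore file, different address, different alias -->
<Connector address="192.0.2.11" port="8443"
           protocol="HTTP/1.1" SSLEnabled="true"
           scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="${catalina.base}/conf/TheKeyStore.keystore"
           keystorePass="pass"
           keyAlias="2ndt.site.com" />

<!-- Checks before restarting Tomcat:
     1. keyAlias must name an entry that holds a private key. In the output of
        keytool -list -v it is shown as "Entry type: PrivateKeyEntry".
        An entry shown as "trustedCertEntry" holds only a certificate and
        cannot be served by a connector.
     2. If keyAlias is omitted, the connector uses the first key it reads from
        the keystore, so with several entries in one file set it explicitly
        on every connector.
     3. Each address/port pair can be bound by only one connector. -->
```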
 