Multiple SSL Certificates in Single Keystore File Possible?

Ed James
Greenhorn

Joined: Feb 10, 2010
Posts: 7
I have an Apache Tomcat 6.0 server hosting 3 sites (all internal on a test subnet), all of which require SSL. Is it possible to have 3 different SSL certs imported into my single .keystore file? If so, how do I specify what site uses what certificate? I've read about keyAlias parameter but I can't seem to get it to work. I could use a wildcard cert if they all had the same domain suffix but they do not (for example, I have https://mysite.mydomain.org, https://myservername, https://myserverIP).

Any information would be appreciated.

Thanks
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16142
    

I think a bigger problem is that the way SSL works allows only one cert per server machine (or server IP ?). So the limitation isn't in J2EE, it's in SSL as a whole.


Customer surveys are for companies who didn't pay proper attention to begin with.
Harri Kw
Greenhorn

Joined: Oct 11, 2013
Posts: 2
Were you able to resolve this issue?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42278
    
Tim Holloway wrote: I think a bigger problem is that the way SSL works allows only one cert per server machine (or server IP?).

I think it's one certificate per IP address.


Ping & DNS - my free Android networking tools app
Daya Moon
Greenhorn

Joined: Aug 06, 2013
Posts: 4
Yes.
To import, use:
keytool -importcert -file your1st.crt -alias 1st.site.com -keystore TheKeyStore.keystore -storepass pass
keytool -importcert -file your2nd.crt -alias 2ndt.site.com -keystore TheKeyStore.keystore -storepass pass

To list the certificates:
keytool -list -v -keystore TheKeyStore.keystore -storepass pass
Harri Kw
Greenhorn

Joined: Oct 11, 2013
Posts: 2
Daya Moon wrote: Yes.
To import, use:
keytool -importcert -file your1st.crt -alias 1st.site.com -keystore TheKeyStore.keystore -storepass pass
keytool -importcert -file your2nd.crt -alias 2ndt.site.com -keystore TheKeyStore.keystore -storepass pass

To list the certificates:
keytool -list -v -keystore TheKeyStore.keystore -storepass pass



Yes, but you're not allowed to use the same port with different aliases.
The application would be using the same service with different cnames.
Unless I'm missing something here.
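
The arrangement discussed in this thread (several certificates in one keystore, one certificate per IP address, each selected with keyAlias), shown as an added example that is not from any of the posters: a server.xml fragment for Tomcat 6 with one HTTPS connector per address. The two IP addresses, the keystore location and the port are placeholder assumptions; the aliases, file name and password are the ones used in the keytool commands above.

```xml
<!-- Added example (constructed), not configuration posted in this thread.
     Assumptions: 192.0.2.10 and 192.0.2.11 are placeholder addresses that the
     host actually owns; the keystore sits in Tomcat's conf directory. -->
<Service name="Catalina">

  <!-- Site 1: listens only on its own address and presents the certificate
       stored under alias 1st.site.com. The alias must be a PrivateKeyEntry
       (key pair plus certificate) in the output of keytool -list -v. -->
  <Connector address="192.0.2.10" port="8443"
             protocol="HTTP/1.1" SSLEnabled="true"
             scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="${catalina.base}/conf/TheKeyStore.keystore"
             keystorePass="pass"
             keyAlias="1st.site.com" />

  <!-- Site 2: same port and same keystore file, different address and alias.
       Two connectors cannot share one address:port pair, which is why each
       certificate needs its own IP address (or its own port). -->
  <Connector address="192.0.2.11" port="8443"
             protocol="HTTP/1.1" SSLEnabled="true"
             scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS"
             keystoreFile="${catalina.base}/conf/TheKeyStore.keystore"
             keystorePass="pass"
             keyAlias="2ndt.site.com" />

  <Engine name="Catalina" defaultHost="localhost">
    <Host name="localhost" appBase="webapps" />
  </Engine>
</Service>
```

If keyAlias is omitted, the connector uses the first key entry it finds in the keystore, so every connector that shares a multi-certificate keystore should set it explicitly.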
 