users@glassfish.java.net

RE: SSL Certs for different urls

From: Derek Sceats <dsceats_at_silasg.com>
Date: Fri, 10 Jul 2009 06:27:22 -0700

I believe that you can only give one nickname per listener port, but defer to the Glassfish development team to confirm.

Assuming this is the case, one possibility is to use Apache as a reverse proxy. If you set up two different virtual servers in Glassfish and dedicate a unique http listener to each virtual server (for example, server1 with listener 8183 and server2 with listener 8185), then enable security and use a different certificate for each port. Deploy each application to the two separate virtual servers (for example, app1 to virtual server1 on port 8183, and app2 to virtual server2 on port 8185).

When you set up Apache as a reverse proxy (assume port 80 as the Apache listener port), you map:

/app1 https://<FQDN>:8183/app1
/app2 https://<FQDN>:8185/app2

This way, your users think they are using only one port and you can use a different certificate for each application. If you use a default listener port for Apache (80 or 443), your users don't have to enter the port number in the URL, just the application URI.

Hope this helps.

Derek

-----Original Message-----
From: glassfish_at_javadesktop.org [mailto:glassfish_at_javadesktop.org]
Sent: Fri 7/10/2009 12:11 AM
To: users_at_glassfish.dev.java.net
Subject: SSL Certs for different urls
 
Hi there!

We use a Glassfish v2.1 and it works correctly with an ssl enabled http-listener .
But now we have an other small project which needs an ssl enabled http-listener, but same port (https). I found that I can give only one Certificate Nickname for one http-listener, but we have 2 different ssl cert (and alias) in the same keystore, so it's not enough. Is it possible to use them same time, or not? If it is, how and where can I find documentation?
[Message sent by forum member 'fecnek' (fecnek)]

http://forums.java.net/jive/thread.jspa?messageID=355049

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
For additional commands, e-mail: users-help_at_glassfish.dev.java.net