From: DeskNow Knowledge Base
http://www.desknow.com/kb/

How can I set up different SSL certificates, one for every domain?
http://www.desknow.com/kb/idx/12/081/article/

This is possible, but only by associating a different IP address with every domain.

Basically you can have two different types of virtual domains in HTTP: IP based (one domain per network interface, or IP address) and name based.

The name based approach is the more popular one, and was introduced in HTTP 1.1. It allows you to have thousands of domains on a single IP.

The problem with name based virtual domains is that the name of the host the client wants to access is carried inside the HTTP request. BUT, if using SSL, the HTTP request is sent encrypted, after the SSL handshake in which the server has already presented its certificate! This means that the information the server needs in order to determine which domain and certificate to use only becomes readable after a certificate has been chosen. So the server simply cannot find it in time.

For more information, see:

http://jakarta.apache.org/tomcat/tomcat-5.5-doc/ssl-howto.html
http://www.experts-exchange.com/Web/Q_21278546.html

This means that, for SSL, only IP based virtual hosting is possible, with any web server (not just Tomcat).

IP based virtual hosting

In Tomcat, this is done by editing the file server.xml and adding another HTTPS connector listening on a different address. In that connector, you can specify the SSL keystore to use. The file is located in C:\Program Files\DeskNow\conf , or /var/desknow/conf

For instance, you can set up two (or more) SSL connectors in server.xml:

<Connector address="1.2.3.4" port="443"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" keystoreFile="conf/keystore_1_2_3_4" sslProtocol="TLS" />

<Connector port="443" address="1.2.3.5"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" keystoreFile="conf/keystore_1_2_3_5" sslProtocol="TLS" />

In this example one connector is listening on 1.2.3.4 and one listening on 1.2.3.5, each using its own keystore file. It assumes the keystore files are placed in the same 'conf' folder as the server.xml file.
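
An added example, not part of the original article or of DeskNow: a small Python check that reads a server.xml and reports HTTPS connectors that break the one-IP-per-certificate layout described above. The sample XML is constructed (the article's two connectors with attributes trimmed, plus a deliberately broken third one), and the function name lint_ssl_connectors is hypothetical.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed input: the article's two connectors, attributes trimmed.
GOOD = """<Service>
<Connector address="1.2.3.4" port="443" scheme="https" secure="true"
  keystoreFile="conf/keystore_1_2_3_4" sslProtocol="TLS" />
<Connector address="1.2.3.5" port="443" scheme="https" secure="true"
  keystoreFile="conf/keystore_1_2_3_5" sslProtocol="TLS" />
</Service>"""

# Constructed mistake: a third connector with no address attribute that
# reuses the second connector's keystore.
BAD = GOOD.replace("</Service>", """<Connector port="443" scheme="https"
  secure="true" keystoreFile="conf/keystore_1_2_3_5" sslProtocol="TLS" />
</Service>""")


def lint_ssl_connectors(xml_text):
    """Return a list of findings for the HTTPS connectors in a server.xml."""
    ssl = [c for c in ET.fromstring(xml_text).iter("Connector")
           if c.get("scheme") == "https"]
    # Count how often each bind address and each keystore/alias pair occurs.
    binds = Counter((c.get("address"), c.get("port")) for c in ssl)
    certs = Counter((c.get("keystoreFile"), c.get("keyAlias")) for c in ssl)
    findings = []
    for c in ssl:
        addr, port = c.get("address"), c.get("port")
        store, alias = c.get("keystoreFile"), c.get("keyAlias")
        where = f"{addr or '*'}:{port}"
        if addr is None and len(ssl) > 1:
            findings.append(f"{where}: no address, listens on every IP")
        if binds[(addr, port)] > 1:
            findings.append(f"{where}: address and port used twice")
        if store is None:
            findings.append(f"{where}: no keystoreFile set")
        elif certs[(store, alias)] > 1:
            findings.append(f"{where}: {store} shared, same certificate on several IPs")
    return findings


if __name__ == "__main__":
    for name, text in (("article config", GOOD), ("broken config", BAD)):
        print(name, lint_ssl_connectors(text) or "OK")
```

To check a real installation, pass the contents of the server.xml from the conf folder to the function instead of the sample strings.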

Please refer to the SSL section in the Administration manual for more information about creating keystore files for your SSL certificates.

Tip: since you are using more HTTP connectors, you may want to increase the amount of RAM dedicated to DeskNow to at least 256 Mb (this is the default on Linux, whereas on Windows the default is 128 Mb): see this article.