DeskNow Knowledge Base
 
      

How can I setup different SSL certificates, one for every domain?

This is possible, but only by associating a different IP address to every domain.

Basically, you can have two different types of virtual domains in HTTP: IP-based (one domain per network interface, or IP address) and name-based.

The name-based approach is the more popular one, and was introduced in HTTP 1.1. It allows you to have thousands of domains on a single IP.

The problem with name-based virtual domains is that the server learns which host the client wants from the host name included in the HTTP request. BUT, if using SSL, that request is already encrypted! This means that the information the server needs in order to determine which domain and certificate to use is sent inside the connection that was encrypted using that certificate. So the server simply cannot find it at the moment it has to choose.

For more reference, see http://jakarta.apache.org/tomcat/tomcat-5.5-doc/ssl-howto.html

Also see http://www.experts-exchange.com/Web/Q_21278546.html


This means that, with SSL, only IP-based virtual hosting is possible, with any web server (not just Tomcat).

IP based virtual hosting

In Tomcat, this is done by editing the file server.xml and adding another HTTPS connector listening on a different address. In that connector, you can specify the SSL keystore to use. The file is located in C:\Program Files\DeskNow\conf or /var/desknow/conf.

For instance, in server.xml you can set up two (or more) SSL connectors:

<Connector address="1.2.3.4" port="443"
    maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
    enableLookups="true" disableUploadTimeout="true"
    acceptCount="100" scheme="https" secure="true"
    clientAuth="false" keystoreFile="conf/keystore_1_2_3_4" sslProtocol="TLS" />

<Connector address="1.2.3.5" port="443"
    maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
    enableLookups="true" disableUploadTimeout="true"
    acceptCount="100" scheme="https" secure="true"
    clientAuth="false" keystoreFile="conf/keystore_1_2_3_5" sslProtocol="TLS" />

In this example one connector is listening on 1.2.3.4 and one listening on 1.2.3.5, each using its own keystore file. It assumes the keystore files are placed in the same 'conf' folder as the server.xml file.
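
A quick way to check that a server.xml follows this one-IP-one-keystore layout before restarting the server. This is an added example, not part of DeskNow or Tomcat; the function names, the problem codes and the third, faulty connector are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# The two connectors from this article, trimmed to the attributes the check reads.
PAGE_CONNECTORS = """
  <Connector address="1.2.3.4" port="443" scheme="https" secure="true"
             keystoreFile="conf/keystore_1_2_3_4" sslProtocol="TLS" />
  <Connector address="1.2.3.5" port="443" scheme="https" secure="true"
             keystoreFile="conf/keystore_1_2_3_5" sslProtocol="TLS" />
"""
# Constructed mistake: no address, and a keystore that 1.2.3.5 already uses.
BAD_CONNECTOR = """
  <Connector port="443" scheme="https" secure="true"
             keystoreFile="conf/keystore_1_2_3_5" sslProtocol="TLS" />
"""

def wrap(connectors):
    """Wrap connector elements in a minimal server.xml skeleton (constructed)."""
    return "<Server><Service name='Catalina'>%s</Service></Server>" % connectors

def check_ssl_connectors(xml_text):
    """Return (code, detail) tuples for HTTPS connectors that break the
    one-IP-one-keystore layout described in the article."""
    ssl = [c for c in ET.fromstring(xml_text).iter("Connector")
           if c.get("scheme") == "https"]
    problems = []
    for c in ssl:
        if c.get("address") is None:   # Tomcat then binds the port on all IPs
            problems.append(("no-address", "port %s" % c.get("port")))
        if c.get("keystoreFile") is None:
            problems.append(("no-keystore", c.get("address", "*")))
    # Two connectors cannot listen on the same address and port.
    binds = Counter((c.get("address"), c.get("port")) for c in ssl if c.get("address"))
    problems += [("duplicate-bind", "%s:%s" % b) for b, n in binds.items() if n > 1]
    # A keystore referenced twice usually means a copy-paste slip.
    stores = Counter(c.get("keystoreFile") for c in ssl if c.get("keystoreFile"))
    problems += [("shared-keystore", k) for k, n in stores.items() if n > 1]
    return problems

if __name__ == "__main__":
    for code, detail in check_ssl_connectors(wrap(PAGE_CONNECTORS + BAD_CONNECTOR)):
        print(code, detail)
```

To run it against a real installation, pass the contents of the server.xml file in the conf folder to check_ssl_connectors instead of the embedded sample.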

Please refer to the SSL section in the Administration manual for more information about creating keystore files for your SSL certificates.

Tip: because you are running more HTTP connectors, you may want to increase the amount of RAM dedicated to DeskNow to at least 256 MB (this is the default on Linux, whereas on Windows the default is 128 MB): see this article.
