<p>The easiest way to do this is to use a single certificate for all your domain names. Put all other site names in SAN (Subject Alternative Name).</p>
<p>If you prefer one certificate for each domain name, you can write your own key manager and use an alias to identify the domain so you can use a single keystore. In our system, we make a convention that keystore alias always equals the CN in the certificate. So we can do something like this:</p>
<pre><code>// Requires: java.net.ServerSocket, javax.net.ssl.SSLContext,
// javax.net.ssl.SSLServerSocketFactory, javax.net.ssl.X509KeyManager

// "TLS" instead of "SSLv3": SSLv3 is broken (POODLE) and disabled by default in current JDKs.
SSLContext sctx1 = SSLContext.getInstance("TLS");
sctx1.init(new X509KeyManager[] {
    new MyKeyManager("/config/master.jks", "changeme".toCharArray(), "site1.example.com")
}, null, null);
SSLServerSocketFactory ssf = (SSLServerSocketFactory) sctx1.getServerSocketFactory();
ServerSocket ss1 = ssf.createServerSocket(1234);

...

SSLContext sctx2 = SSLContext.getInstance("TLS");
sctx2.init(new X509KeyManager[] {
    new MyKeyManager("/config/master.jks", "changeme".toCharArray(), "site2.example.com")
}, null, null);
ssf = (SSLServerSocketFactory) sctx2.getServerSocketFactory();
ServerSocket ss2 = ssf.createServerSocket(5678);
</code></pre>
<p>...</p>
<pre><code>// Imports for the enclosing source file:
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509KeyManager;

// Nested class: a key manager that always serves the one alias it was built with.
public static class MyKeyManager implements X509KeyManager {
    private KeyStore keyStore;
    private String alias;
    private char[] password;

    MyKeyManager(String keyStoreFile, char[] password, String alias)
            throws IOException, GeneralSecurityException {
        this.alias = alias;
        this.password = password;
        // try-with-resources so the keystore file handle is closed after loading
        try (InputStream stream = new FileInputStream(keyStoreFile)) {
            keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(stream, password);
        }
    }

    // Returns null if the alias is missing or the key cannot be recovered.
    public PrivateKey getPrivateKey(String alias) {
        try {
            return (PrivateKey) keyStore.getKey(alias, password);
        } catch (Exception e) {
            return null;
        }
    }

    // Returns the chain stored under the alias, or null if there is none.
    public X509Certificate[] getCertificateChain(String alias) {
        try {
            java.security.cert.Certificate[] certs = keyStore.getCertificateChain(alias);
            if (certs == null || certs.length == 0)
                return null;
            X509Certificate[] x509 = new X509Certificate[certs.length];
            for (int i = 0; i &lt; certs.length; i++)
                x509[i] = (X509Certificate) certs[i];
            return x509;
        } catch (Exception e) {
            return null;
        }
    }

    // Server side: ignore the negotiated key type and issuers, always pick the fixed alias.
    public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
        return alias;
    }

    public String[] getClientAliases(String parm1, Principal[] parm2) {
        throw new UnsupportedOperationException("Method getClientAliases() not yet implemented.");
    }

    public String chooseClientAlias(String keyTypes[], Principal[] issuers, Socket socket) {
        throw new UnsupportedOperationException("Method chooseClientAlias() not yet implemented.");
    }

    public String[] getServerAliases(String parm1, Principal[] parm2) {
        return new String[] { alias };
    }

    public String chooseServerAlias(String parm1, Principal[] parm2) {
        return alias;
    }
}
</code></pre>
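An added example, not part of the original answer: MyKeyManager returns null when the alias lookup fails, so a startup check that each site alias is a private-key entry whose leaf certificate CN equals the alias makes the convention explicit before any socket is opened. The class name AliasConventionCheck and its methods are hypothetical; with no arguments it runs against an empty in-memory keystore (constructed input), otherwise against the keystore path and password passed on the command line.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class AliasConventionCheck {   // hypothetical helper, not from the original answer

    // One message per alias that breaks "keystore alias == CN of the leaf certificate".
    static List<String> check(KeyStore ks, String... aliases) throws Exception {
        List<String> problems = new ArrayList<>();
        for (String alias : aliases) {
            if (!ks.isKeyEntry(alias)) {
                problems.add(alias + ": no private-key entry under this alias");
                continue;
            }
            Certificate leaf = ks.getCertificate(alias);   // first certificate of the chain
            if (!(leaf instanceof X509Certificate)) {
                problems.add(alias + ": leaf certificate is not X.509");
                continue;
            }
            String cn = commonName((X509Certificate) leaf);
            if (!alias.equalsIgnoreCase(cn))
                problems.add(alias + ": certificate CN is " + cn);
        }
        return problems;
    }

    // Extracts the CN attribute from the subject DN, or null if the subject has none.
    static String commonName(X509Certificate cert) throws Exception {
        LdapName dn = new LdapName(cert.getSubjectX500Principal().getName());
        for (Rdn rdn : dn.getRdns())
            if ("CN".equalsIgnoreCase(rdn.getType())) return String.valueOf(rdn.getValue());
        return null;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        if (args.length == 2) {   // args: keystore path, keystore password
            try (InputStream in = new FileInputStream(args[0])) { ks.load(in, args[1].toCharArray()); }
        } else {
            ks.load(null, null);  // constructed input: empty in-memory keystore
        }
        check(ks, "site1.example.com", "site2.example.com").forEach(System.out::println);
    }
}
```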
 
