Security FAQ
Resin 3.0

Features
Installation
Configuration
Web Applications
IOC/AOP
Resources
JSP
Quercus
Servlets and Filters
Databases
Admin (JMX)
CMP
EJB
Amber
EJB 3.0
Security
XML and XSLT
XTP
JMS
Performance
Protocols
Third-party
Troubleshooting/FAQ

Authentication
Digest Passwords
Authorization
SSL
Security Manager
Malicious Attacks
Tutorials
FAQ
Scrapbook
Tutorials
Security
Scrapbook

  1. Can I use different SSL certificates for each virtual host?
  2. Why does Resin say I need OPENSSL_THREADS when I try to use OpenSSL?
  3. What is the sequence of handshakes for an SSL connection?

Can I use different SSL certificates for each virtual host?

We have two domains on one server. Is there an example config file showing how to have multiple ssl certificates, one for each virtual host?

This is not possible if you are using Resin's virtual hosting capability to serve to multiple domain names using a single IP address.

The SSL connection (and certificate) are handled before the HTTP request is sent. Unless the domain name is mapped to a unique ip address, the server doesn't know which domain name the user is using until after SSL is set up. There is no way for Resin to determine which domain name the user has specified in the url.

It is possible if you have separate IP addresses for the hosts. You would start seperate <http> servers that only bind on that ip address. Each of these <http> servers can have seperate ssl configurations.

Why does Resin say I need OPENSSL_THREADS when I try to use OpenSSL?

Resin dies with an error on startup "Resin requires a threaded version of OpenSSL. OpenSSL must be compiled with OPENSSL_THREADS for Resin to use it."

Resin requires a threaded version of the OpenSSL libraries. Usually a threaded version is the default for OpenSSL, however on some systems it is necessary to explicitly request a thread version.

To recompile the openssl libraries with threading enabled:

$ cd openssl-0.9.7c
$ ./config threads
$ make
$ make install

The INSTALL document from the OpenSSL package contains more information on the threads option.

What is the sequence of handshakes for an SSL connection?

ClientHello-> 
<-ServerHello
<-CertificateChain
<-ServerHelloDone
ClientKeyExchange->
ChangeCipherSpec->
Finished->
<-ChangeCipherSpec
<-Finished


Tutorials
Security
Scrapbook
Copyright © 1998-2006 Caucho Technology, Inc. All rights reserved.
Resin® is a registered trademark, and HardCoretm and Quercustm are trademarks of Caucho Technology, Inc.