How can I have multiple SSL certificates for a Java server

Question

I have an in-house HTTP server written in Java; full source code at my disposal. The HTTP server can configure any number of web sites, each of which will have a separate li

Answer 1

You won't be able to use the default SSLServerSocketFactory.

Instead, initialize a different SSLContext for each site, each using a KeyManagerFactory configured with a key store containing a key entry with correct server certificate. (After initializing the KeyManagerFactory, pass its key managers to the init method of the SSLContext.)

After the SSLContext is initalized, get its SSLServerSocketFactory, and use that to create your listener.

KeyStore identity = KeyStore.getInstance(KeyStore.getDefaultType());
/* Load the keystore (a different one for each site). */
...
SSLContext ctx = SSLContext.getInstance("TLS");
KeyManagerFactory kmf = 
  KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(identity, password);
ctx.init(kmf.getKeyManagers(), null, null);
SSLServerSocketFactory factory = ctx.getServerSocketFactory();
ServerSocket server = factory.createSocket(port);