HowTo setup Tomcat serving two SSL Certificates using SNI?

Question

According to these two answers [1] [2] it\'s possible to have two SSL certificates serving from the same Apache Tomcat using Server Name Indication (SNI).

My question

Answer 1

You need to re-read the answers to those question. SNI is not supported on the server side until Java 8. The minimum Java version that Tomcat 8 has to support is Java 7 so at the moment there i no SNI support in Tomcat.

It may be possible to optionally support SNI if Tomcat is running on Java 8 or later but that would need code changes in Tomcat for which there are currently no plans.

Update as of December 2014:

Adding SNI support is on the TODO list for Tomcat 9. That TODO list is quite long and SNI is not currently at the top of the list. As always patches are welcome.

Once SNI is implemented in Tomcat 9 it is possible that SNI support might be back-ported to Tomcat 7 and Tomcat 8. Again, patched welcome.

Update as of June 2015:

SNI has been implemented for Tomcat 9. It is supported by all three HTTP connector implementations (NIO, NIO2 and APR/native). To use SNI with NIO or NIO2 you will need to compile Tomcat 9 (a.k.a. trunk) from source. To use SNI with APR/native you will also need to compile tc-native trunk (not the 1.1.x branch currently used by the Tomcat releases).

TLS configuration has changed significantly to support SNI. Details will be in the docs web application once you have build Tomcat 9.

Update as of November 2016:

SNI support is included in Tomcat 8.5.x. It is unlikely it will be back-ported further. i.e. It is unlikely to make it to 8.0.x or 7.0.x.