Menu
▾
▴
Re: [Unity-idm-discuss] Handle multiple certificates/domains for webserver part
|
From: Krzysztof B. <kb...@un...> - 2020-09-24 11:14:13
|
Dear Sander, W dniu 23.09.2020 o 14:09, Sander Apweiler pisze: > Dear Krzysztof, > > we switched in one of our instances the domain this summer. All > connected services already use the new domain, but users still found > the old domain and got a certificate mismatch warning from the browser. > Because the different domains are owned by different centres, we can't > use a certificate containing both domains. > > Is it possible to use two certificates and domain names in unity for > the webserver part? SAML and OAuth should be still handled with one > domain/entity ID. Separating webserver certificates from SAML/OAuth > should be possible with different credential definitions. Technically it is possible. The feature you are asking for is SNI extension of the TLS protocol. It is supported by Jetty and Java which Unity is using but Unity currently doesn't offer a way to setup Jetty with multiple credentials. We can have it implemented, however I can point you out to an alternative solution: you can expose Unity behind a (reverse) proxy server, like Apache. Unity supports it pretty well, we use it in production often. Then you get access to all features of the Apache (or other) server, where you can setup for instance SNI. HTH Krzysztof |
