Based on this discussion: https://www.mail-archive.com/users@tomcat.apache.org/msg134872.html

There should be an option to access the used server certificate from the current request being served by one TLS context. As easy as:

request.getAttribute("magic_name")

Return would be, similar to client certs, X509Certificate or X509Certificate[].

This requires these changes (non-exhaustive):

* SSLSupport implementations
* Define a new property in SSLSupport and org.apache.catalina.Globals for the server cert
* org.apache.catalina.util.TLSUtil.isTLSRequestAttribute(String) and its callers
* org.apache.coyote.AbstractProcessor.populateSslRequestAttributes() to add new attribute to the request
* SSLValve to read server cert from reverse proxy, CGI var SSL_SERVER_CERT
* AJP and friends to deliver this piece of information

Based on the discussion (https://www.mail-archive.com/users@tomcat.apache.org/msg142103.html) with Mark, please add the ability to get the SNI name used by TLS. For each request, this will give the application the ability to know the SNI hostname that was used to connect to the server.