Using multiple SSL certificates in Tomcat 7

Without Server Name Indication (SNI), which is not supported in Java (6), you need one certificate per IP address.

You can configure Tomcat to use multiple connectors, with different IP addresses and certificates, using the address attribute.

For example:

<Connector 
       port="8443" maxThreads="200" address="10.0.0.1"
       scheme="https" secure="true" SSLEnabled="true"
       keystoreFile="keystore1.jks" keystorePass="..."
       clientAuth="false" sslProtocol="TLS"/>
<Connector 
       port="8443" maxThreads="200" address="10.0.0.2"
       scheme="https" secure="true" SSLEnabled="true"
       keystoreFile="keystore2.jks" keystorePass="..."
       clientAuth="false" sslProtocol="TLS"/>

You may also be able to use the same keystore, if you need, and use the keyAlias attribute (in Connector) to tell the connector which key/certificate to use (based on the alias name in the keystore).

I am not sure, here if "SNI" is really relevant.

But in your case, the typical solution would be so called ssloffloading or ssl Termination: i.e. put your tomcat behinde an apache, which configured to use multiple vhosts / domain names on the same ip. You could configure for each vhost in apache to use its own SSL certificate.

There is a step by step guide for this topic here:

http://milestonenext.blogspot.de/2012/09/ssl-offloading-with-modjk-part-1.html