tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ognjen Blagojevic <ogn...@etf.bg.ac.rs>
Subject Re: SSL Using IP Addresses
Date Thu, 13 Aug 2009 15:47:18 GMT
Jeff Sexton wrote:
> We have a situation where we need to call a SOAP service in a
> Glassfish server via HTTPS from a servlet in Tomcat.  We extract a
> self-signed certificate from Glassfish and imported it on the Tomcat
> server.  It all works in situations where we can use the
> fully-qualified host name in the request and in the alias of the
> certificate when importing on the Tomcat server.
> 
> But we need to operate in an environment with a name service.  When we
> try to use the IP address of the Glassfish server in the HTTPS call
> and in the certificate alias, the call fails with a "no subject
> alternate name" exception.
> 
> In Glassfish to Glassfish calls, using the IP address works fine.
> 
> Does anyone know how to make an SSL call from a Tomcat server using
> the IP address only?  Is it even possible?

I'm not 100% sure, but I think it is not possible.

Your server certificate have Common Name (CN) which can match either 
FQDN (server.company.com) or IP (123.123.123.123) - not both.

You can, however, try to workaround your inability to contact DNS server 
by manually inserting the adress to the "hosts" file, if you have 
permission to do that.

Regards,
Ognjen

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message