tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pid *" <...@pidster.com>
Subject Re: About certificates in Tomcat SSL support
Date Thu, 12 Jan 2012 17:21:49 GMT
On 12 Jan 2012, at 17:15, James Lampert <jamesl@touchtonecorp.com> wrote:

> Scenario:
>
> I created a self-signed certificate for the box I was testing:
> CN = James Lampert
> OU = Development Lab
> O = Touchtone Corporation
> L = Costa Mesa
> ST = California
> C = US
>
> I then installed it into the Tomcat server on that box. Connecting to the site with Firefox,
I was told that the certificate was not trusted, and asked whether to trust it. After I said
to trust it, Firefox now lets me in without further question.
>
> Then, I temporarily installed the certificate on a customer's Tomcat server, just to
verify that SSL support was working there. When I connected to it with Firefox, the initial
message questioning the validity of the certificate said something about it being for a different
server (so far as I'm aware, it isn't for *any* particular server).
>
> Looking at the two Tomcat servers in Microsloth Imploder, even after telling it to trust
the certificate, I consistently get a message, "The security certificate presented by this
website was issued for a different website's address."
>
> Looking at the two Tomcat servers in a different version of Firefox, on a different WinDoze
box, both Tomcat servers give me the message, that it is not trusted because it is self-signed,
and that it is only valid for James Lampert.
>
> What exactly do I need to do, for a certificate to be recognized as the correct one for
a given server?

The Common Name must match the domain name of the server as seen by the client.


> Also: we have a CA-signed certificate that we use to sign JARs. Is that the same sort
of certificate used for Tomcat?

You would need to purchase a different one to comply with the terms of
purchase anyhow.


p


> --
> JHHL
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message