tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James Lampert <jam...@touchtonecorp.com>
Subject Re: About certificates in Tomcat SSL support
Date Fri, 13 Jan 2012 17:56:14 GMT
Mark H. Wood wrote:
> As already pointed out, there's your problem.  To identify a networked
> service, the value of CN should be the FQDN of the host providing the
> service.  (This is why people suddenly became interested in securing
> DNS:  we are relying on it to validate certificate bindings to services!)
> 
> Yes, the prompts are confusing.  A recent release of OpenSSL, for
> example, just updated the CN prompt from "Common Name (eg, YOUR name)"
> to "Common Name (e.g. server FQDN or YOUR name)".

Thanks for the additional detail.

We now have the customer set up with a less-frightening self-signed 
certificate, specific to their domain, pending installation of a 
CA-signed certificate (which I sincerely hope is domain-specific).

--
JHHL

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message