tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James Lampert <>
Subject Re: About certificates in Tomcat SSL support
Date Fri, 13 Jan 2012 17:56:14 GMT
Mark H. Wood wrote:
> As already pointed out, there's your problem.  To identify a networked
> service, the value of CN should be the FQDN of the host providing the
> service.  (This is why people suddenly became interested in securing
> DNS:  we are relying on it to validate certificate bindings to services!)
> Yes, the prompts are confusing.  A recent release of OpenSSL, for
> example, just updated the CN prompt from "Common Name (eg, YOUR name)"
> to "Common Name (e.g. server FQDN or YOUR name)".

Thanks for the additional detail.

We now have the customer set up with a less-frightening self-signed 
certificate, specific to their domain, pending installation of a 
CA-signed certificate (which I sincerely hope is domain-specific).


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message