Problem with SSL , Tomcat Server
1 posts in topic
Flat View  Flat View

Posted By:   Sathiya_Narayanan
Posted On:   Tuesday, February 26, 2002 01:21 PM

When i execute the URL , "https://hostname:8443/" i got the following error message :
The certificate was issued by
a "certificate autority" that netscape doesnt recoganize. and it says Domain name mismatch. So what should i do?

Thanks,Earlier replY would be appriciated!

Re: Problem with SSL , Tomcat Server

Posted By:   Rodney_Russ  
Posted On:   Tuesday, February 26, 2002 10:19 PM

If you setup SSL as suggested in the Tomcat SSL Howto, then this is actually expected behavior. In order to understand this, you need to understand how SSL and Certificate Authorities (CA's) work.

When your browser tries to create an SSL connection, it receives a certificate from the server. Part of this certificate is the certificate of the authority that "verifies" the certificate of the server and signs it. Typically, this certificate is that of a trusted CA (e.g Verisign, Thawte, etc.). The certificates of trusted CA's are pre-loaded on browsers. So, when you tried to establish the SSL connection, your browser checks the certificate that signed the server certificate against the list of preloaded "trusted" CA's. If there isn't a match it warns you.

So, back to the instructions in the HOWTO. The instructions tell you how to create a self-signed certificate. When you tried to establish an SSL connection, your browser didn't recognize the certificate of the signer since you did not get one of the preloaded "trusted" CA's to sign your certificate. Hence the warning. Hope that helped.


About | Sitemap | Contact