Tuesday, February 26, 2002 10:19 PM
If you setup SSL as suggested in the Tomcat SSL Howto, then this is actually expected behavior. In order to understand this, you need to understand how SSL and Certificate Authorities (CA's) work.
When your browser tries to create an SSL connection, it receives a certificate from the server. Part of this certificate is the certificate of the authority that "verifies" the certificate of the server and signs it. Typically, this certificate is that of a trusted CA (e.g Verisign, Thawte, etc.). The certificates of trusted CA's are pre-loaded on browsers. So, when you tried to establish the SSL connection, your browser checks the certificate that signed the server certificate against the list of preloaded "trusted" CA's. If there isn't a match it warns you.
So, back to the instructions in the HOWTO. The instructions tell you how to create a self-signed certificate. When you tried to establish an SSL connection, your browser didn't recognize the certificate of the signer since you did not get one of the preloaded "trusted" CA's to sign your certificate. Hence the warning. Hope that helped.