Re: multiple domain name support for https
On Wed, Mar 30, 2005 at 12:40:34AM -0600, Sasisekar S Sundaram wrote: : Few browsers (like Mozilla) are giving a warning message == Security Error: : Doamin Name Mismatch with https. : [snip] : It is important for me to over ride this Warning : message in our production environment. I read somewhere that I can override : the HostnameVerifier interface and achieve the solution. Can some one guide me : about how to modify it and integrate with Tomcat. I appreciate your time. The SSL cert warning comes from the browser side, not the server side. (SSL-enabled clients get a copy of the server cert during the handshake, and can run any sort of tests against it.) So you'd have to modify the source of the client browser, not Tomcat. If one could override this behavior at the server side, that would defeat that whole verification feature of SSL. =) Someone else suggested you do a redirect to the host for which the cert is named. You can do this as long as the redirect happen in cleartext mode. Again, since the SSL cert exchange happens during the handshake -- before the server gets a chance to respond with a 30x redirect message -- you can't do this if the client first connects to the SSL-enabled port. -QM -- software -- http://www.brandxdev.net/ tech news -- http://www.RoarNetworX.com/ code scan -- http://www.JxRef.org/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: multiple domain name support for https
One way is to redirect all requests if the request.getServerName() dont return the hostname for which SSL certificate is issued. This can be done in entry pages to your site. On Wed, 30 Mar 2005 00:40:34 -0600, Sasisekar S Sundaram [EMAIL PROTECTED] wrote: Hi, Few browsers (like Mozilla) are giving a warning message == Security Error: Doamin Name Mismatch with https. I understand that the error is because i have two domain names, like www.mycompany.com and mycompany.com for the same IP, and the certificate of tomcat contains only one of the 2 names. I understand that i can not create another certificate, and i can not even use Name-based virtual hosts. It is important for me to over ride this Warning message in our production environment. I read somewhere that I can override the HostnameVerifier interface and achieve the solution. Can some one guide me about how to modify it and integrate with Tomcat. I appreciate your time. Thank you Regards, Sasisekar S Sundaram Research Assistant Center For Business and Information Technology (CBIT) University of Louisiana, Lafayette Ph: (337) 482 0618 -- rgds Antony Paul http://www.geocities.com/antonypaul24/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: multiple domain name support for https
Thanks Antony ! - Original Message - From: Antony Paul [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Wednesday, March 30, 2005 12:57 AM Subject: Re: multiple domain name support for https One way is to redirect all requests if the request.getServerName() dont return the hostname for which SSL certificate is issued. This can be done in entry pages to your site. On Wed, 30 Mar 2005 00:40:34 -0600, Sasisekar S Sundaram [EMAIL PROTECTED] wrote: Hi, Few browsers (like Mozilla) are giving a warning message == Security Error: Doamin Name Mismatch with https. I understand that the error is because i have two domain names, like www.mycompany.com and mycompany.com for the same IP, and the certificate of tomcat contains only one of the 2 names. I understand that i can not create another certificate, and i can not even use Name-based virtual hosts. It is important for me to over ride this Warning message in our production environment. I read somewhere that I can override the HostnameVerifier interface and achieve the solution. Can some one guide me about how to modify it and integrate with Tomcat. I appreciate your time. Thank you Regards, Sasisekar S Sundaram Research Assistant Center For Business and Information Technology (CBIT) University of Louisiana, Lafayette Ph: (337) 482 0618 -- rgds Antony Paul http://www.geocities.com/antonypaul24/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]