Re: SSL Best Practices

2013-03-20 Thread Ognjen Blagojevic
Jeffrey, On 19.3.2013 15:33, Jeffrey D. Fisher wrote: Yes, I do have a CA-issued certificate with a chain to a trusted CA. I've imported it to the keystore. I am close to a solution. When I attempt to open the default Apache web page using https: I get an error page that says that the server

RE: SSL Best Practices

2013-03-20 Thread Jeffrey Janner
-Original Message- From: Jeffrey D. Fisher [mailto:jeff.fisher12...@cox.net] Sent: Tuesday, March 19, 2013 9:34 AM To: 'Tomcat Users List'; mgai...@hotmail.com Subject: RE: SSL Best Practices Yes, I do have a CA-issued certificate with a chain to a trusted CA. I've imported

RE: SSL Best Practices

2013-03-19 Thread Harris, Jeffrey E.
-Original Message- From: cjder...@gmail.com [mailto:cjder...@gmail.com] On Behalf Of chris derham Sent: Tuesday, March 19, 2013 1:58 AM To: Tomcat Users List Subject: Re: SSL Best Practices If the system is only for testing, or communicates with a limited number of systems

RE: SSL Best Practices

2013-03-19 Thread Martin Gainty
Best Practices -Original Message- From: cjder...@gmail.com [mailto:cjder...@gmail.com] On Behalf Of chris derham Sent: Tuesday, March 19, 2013 1:58 AM To: Tomcat Users List Subject: Re: SSL Best Practices If the system is only for testing, or communicates

RE: SSL Best Practices

2013-03-19 Thread Harris, Jeffrey E.
-Original Message- From: Martin Gainty [mailto:mgai...@hotmail.com] Sent: Tuesday, March 19, 2013 7:35 AM To: Tomcat Users List Subject: RE: SSL Best Practices 1)Have you ever tried to coerce IE to accept a self-signed cert 2)if you purchase a pfx with a self-signed certificate

RE: SSL Best Practices

2013-03-19 Thread Jeffrey D. Fisher
...@hotmail.com] Sent: Monday, March 18, 2013 5:22 PM To: Tomcat Users List Subject: RE: SSL Best Practices Jeff do you have keystore and certificate..if not go to verisign and get a CATrusted pfx... the cost is worth it and anything you create with a self-signed cert will be broken in less than 5 min Feel

RE: SSL Best Practices

2013-03-19 Thread Harris, Jeffrey E.
-Original Message- From: Jeffrey D. Fisher [mailto:jeff.fisher12...@cox.net] Sent: Tuesday, March 19, 2013 10:34 AM To: 'Tomcat Users List'; mgai...@hotmail.com Subject: RE: SSL Best Practices Yes, I do have a CA-issued certificate with a chain to a trusted CA. I've imported

Re: SSL Best Practices

2013-03-19 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Martin, On 3/18/13 6:21 PM, Martin Gainty wrote: do you have keystore and certificate..if not go to verisign and get a CATrusted pfx... the cost is worth it and anything you create with a self-signed cert will be broken in less than 5 min

Re: SSL Best Practices

2013-03-19 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Martin, On 3/19/13 7:34 AM, Martin Gainty wrote: 1)Have you ever tried to coerce IE to accept a self-signed cert This is a trust issue, not a security issue. They are related, but not equivalent. 2)if you purchase a pfx with a self-signed

RE: SSL Best Practices

2013-03-19 Thread Jeffrey D. Fisher
: SSL Best Practices -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Martin, On 3/19/13 7:34 AM, Martin Gainty wrote: 1)Have you ever tried to coerce IE to accept a self-signed cert This is a trust issue, not a security issue. They are related, but not equivalent. 2)if you purchase a pfx

RE: SSL Best Practices

2013-03-19 Thread Harris, Jeffrey E.
-Original Message- From: Jeffrey D. Fisher [mailto:jeff.fisher12...@cox.net] Sent: Tuesday, March 19, 2013 11:28 AM To: 'Tomcat Users List' Subject: RE: SSL Best Practices Could we dispense with the ego-clanking, please? Really? Keep in mind that EVERYONE has the same problem

Re: SSL Best Practices

2013-03-19 Thread Mark Thomas
On 19/03/2013 15:28, Jeffrey D. Fisher wrote: Could we dispense with the ego-clanking, please? Really? Keep in mind that EVERYONE has the same problem regardless of your IQ level: for everything you know there are three to five things you do not know and at least one that you do not know you

RE: SSL Best Practices

2013-03-18 Thread Jeffrey Janner
-Original Message- From: Jeffrey D. Fisher [mailto:jeff.fisher12...@cox.net] Sent: Friday, March 15, 2013 3:03 PM To: users@tomcat.apache.org Subject: SSL Best Practices Gentlemen (Ladies): I am looking for a published best practice on editing the SERVER.XML configuration

RE: SSL Best Practices

2013-03-18 Thread Martin Gainty
To: users@tomcat.apache.org Subject: RE: SSL Best Practices Date: Mon, 18 Mar 2013 13:34:44 + -Original Message- From: Jeffrey D. Fisher [mailto:jeff.fisher12...@cox.net] Sent: Friday, March 15, 2013 3:03 PM To: users@tomcat.apache.org Subject: SSL Best Practices

RE: SSL Best Practices

2013-03-18 Thread Harris, Jeffrey E.
-Original Message- From: Martin Gainty [mailto:mgai...@hotmail.com] Sent: Monday, March 18, 2013 6:22 PM To: Tomcat Users List Subject: RE: SSL Best Practices Jeff do you have keystore and certificate..if not go to verisign and get a CATrusted pfx... the cost is worth

Re: SSL Best Practices

2013-03-18 Thread chris derham
If the system is only for testing, or communicates with a limited number of systems (i.e., it is a firewalled backend system that only communicates with a front-end system), then again, a self-signed certificate would be fine. +1 If his organization already uses PKI certificates, then he

Re: SSL Best Practices

2013-03-15 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jeffrey, On 3/15/13 4:02 PM, Jeffrey D. Fisher wrote: I am looking for a published best practice on editing the SERVER.XML configuration file to use SSL/HTTPS. The key are imported into the keystore. Any input is appreciated. What