On 3/18/13 6:21 PM, Martin Gainty wrote:
> do you have a keystore and certificate? If not, go to Verisign and get
> a CA-trusted pfx...
> the cost is worth it and anything you create with a self-signed
> cert will be broken in less than 5 min

Using a "trusted" CA gains you absolutely nothing when it comes to
security through encryption. The only reason to ever use a "trusted"
CA is so that your clients can have some level of trust that your site
is who you say it is. That's why they are called trusted third parties.

Realistically, even getting a "trusted" CA to sign your certificate
doesn't help: most CAs blindly sign any request they get as long as
you have a couple hundred dollars. At least with "EV" certificates,
the CAs are supposed to verify that you are who you say you are, but
personal experience with a few well-known CAs lets me know that it's
not true research. If you have the cash to pay for the certificate,
you can get an EV certificate *by self-assertion* that you are who you
say you are, which is, of course, contrary to the whole EV scheme.

But the encryption will work regardless of whether the certificate
has been self-signed. You will not be hacked in 5 minutes (or if you
are, it has nothing to do with whether you signed your own certificate
or not).

Stop spreading FUD.

-chris

To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org