On Tue, Mar 18, 2014 at 2:58 PM, Maria Cristina Siena < mariacristinasi...@sourcecable.net> wrote:
> Hi,
>
> I developed a web service using jax-ws and configured Tomcat to support
> SSL connection. Here are my steps:
>
> ****** Step 1 - Generate a self-signed server certificate
>
> Use JDK 1.7 keytool:
>
> keytool -genkey -alias trackerdev -keypass changeit -storepass changeit
> -keystore D:\Tomcat7\htdkeystore\trackerdev.ks -ext san=ip:xx.x.x.xxx
>
> Is CN=xx.x.x.xxx, OU=it, O=companynamehere, L=citynamehere,
> ST=provincenamehere, C=ca correct?
> [no]: yes
>
> They claim that the certificate is not properly signed. Well, I don't
> know. It is a self-signed certificate.

How do they access your web service? Using the fully qualified machine name in the URL? Does CN=xx.x.x.xxx represent your server name?

If the cert is created for your server name, and your other team is on the same network, all they need to do is place the cert in their trusted store and it should be fine. The name of the cert should be the same name your team would use to access your server.

In other words, when your team views the certificate from their end, it should say something like:

Issued to: your fully qualified server name
Issued by: your fully qualified server name

You are essentially issuing your server a cert "by" your server.

Did this help or make it worse?
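The name matching discussed in this thread, as an added example that is not part of the original messages: a simplified RFC 2818 section 3.1 identity check (no wildcard support) over certificates in the dict layout of Python's `ssl.SSLSocket.getpeercert()`. The address `192.0.2.10`, the host name `tracker.example.internal` and the three certificate dicts are constructed placeholders.

```python
import ipaddress

def _as_ip(text):
    """Return an ip_address object, or None if text is not an IP literal."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def name_matches(cert, url_host):
    """True if cert is valid for the host part of the URL the client uses."""
    sans = cert.get("subjectAltName", ())
    want_ip = _as_ip(url_host)
    if want_ip is not None:
        # IP in the URL: only iPAddress SAN entries count, the CN is ignored.
        return any(kind == "IP Address" and _as_ip(value) == want_ip
                   for kind, value in sans)
    dns_names = [value.lower() for kind, value in sans if kind == "DNS"]
    if dns_names:
        # A dNSName SAN is present, so it is the only identity used.
        return url_host.lower() in dns_names
    # No dNSName SAN: fall back to the subject's commonName.
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName" and value.lower() == url_host.lower():
                return True
    return False

# Constructed sample certificates (placeholders, not taken from the thread).
CN_IS_IP_NO_SAN = {"subject": ((("commonName", "192.0.2.10"),),)}
CN_IS_IP_WITH_SAN = {
    "subject": ((("commonName", "192.0.2.10"),),),
    "subjectAltName": (("IP Address", "192.0.2.10"),),
}
CN_IS_HOSTNAME = {"subject": ((("commonName", "tracker.example.internal"),),)}

if __name__ == "__main__":
    samples = [("CN=IP, no SAN", CN_IS_IP_NO_SAN),
               ("CN=IP, SAN=ip", CN_IS_IP_WITH_SAN),
               ("CN=hostname", CN_IS_HOSTNAME)]
    for label, cert in samples:
        for host in ("192.0.2.10", "tracker.example.internal"):
            print(f"{label:15} https://{host}/ -> {name_matches(cert, host)}")
```

Passing this check only settles the name; a self-signed certificate must still be imported into the client's trust store before the connection is accepted.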