> From: Melanie Pfefer [mailto:melanie_pfe...@yahoo.co.uk]
> So you mean this error cannot be fixed?
> All self-signed certificates have this problem when a browser
> accesses the page using SSL?

If the browser doesn't trust the root certificate that certifies the 
self-signed cert, it will give at least a warning and in some cases an error.  
This is a good thing, as otherwise I could create a self-signed certificate 
that said my web server was https://www.paypal.com, trick your browser into 
visiting my server, and you wouldn't see a warning.

Think of a certificate as being ID for that web server.  A certificate signed 
by a root certificate authority (CA) that's trusted by the browser is like a 
passport - slow and expensive to get, but almost everybody trusts it as ID.  A 
self-signed certificate is like a letter you've signed as proof of your own 
identity - fast and cheap to get, but not very good for proving who you are.

Is your web application being used on the Internet, or within the company?

If it's on the Internet, you really don't have a choice - if you want SSL and 
no warnings, you'll have to get a certificate signed by a well-known 
certificate authority, and you'll have to pay the money for that.

If it's on your internal network, the alternative is to add your company root 
CA to the browsers' trust list, then use an internally-generated cert.  You 
still can't use a *self-signed* cert as they're always one-offs, but you can 
generate one from your company CA if you have it.  Clearly if you don't have a 
company CA, you can't do this!

                - Peter
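
The trust decision described in this reply, shown with the openssl command line as an added example that is not part of the original message. It builds a throwaway company root CA, issues a server certificate from it, creates a one-off self-signed certificate for the same host, and checks both against a trust list that contains only the company CA. The CA name, the host name app.internal.example and the file names are constructed for the demo.

```shell
#!/bin/sh
# Added illustration; the CA name, host name and file names are constructed.
set -u

build_demo_pki() {   # $1 = existing empty working directory
    d=$1
    # 1. Company root CA: the single certificate added to the browsers' trust list.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Corp Root CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
    # 2. Server key and CSR, then a certificate issued (signed) by the company CA.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=app.internal.example" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
    printf 'subjectAltName=DNS:app.internal.example\n' > "$d/san.ext"
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 30 -extfile "$d/san.ext" \
        -out "$d/issued.crt" 2>/dev/null || return 1
    # 3. One-off self-signed certificate for the same host name, no CA behind it.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=app.internal.example" \
        -keyout "$d/self.key" -out "$d/self.crt" 2>/dev/null || return 1
}

# Exit status 0 only if the certificate chains to something in the trust list.
trusted_by() {   # $1 = trust list (PEM), $2 = certificate to check
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    w=$(mktemp -d) || return 1
    build_demo_pki "$w" || return 1
    for c in issued self; do
        if trusted_by "$w/ca.crt" "$w/$c.crt"; then
            echo "$c.crt: trusted via company CA"
        else
            echo "$c.crt: NOT trusted (a browser would warn)"
        fi
    done
    rm -rf "$w"
}
demo
```

The CA private key (ca.key here) is what makes every issued certificate trusted, so in a real deployment it is kept off the web server and protected accordingly.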
