On 12 Jan 2012, at 17:15, James Lampert <jam...@touchtonecorp.com> wrote:
> Scenario: > > I created a self-signed certificate for the box I was testing: > CN = James Lampert > OU = Development Lab > O = Touchtone Corporation > L = Costa Mesa > ST = California > C = US > > I then installed it into the Tomcat server on that box. Connecting to the > site with Firefox, I was told that the certificate was not trusted, and asked > whether to trust it. After I said to trust it, Firefox now lets me in without > further question. > > Then, I temporarily installed the certificate on a customer's Tomcat server, > just to verify that SSL support was working there. When I connected to it > with Firefox, the initial message questioning the validity of the certificate > said something about it being for a different server (so far as I'm aware, it > isn't for *any* particular server). > > Looking at the two Tomcat servers in Microsloth Imploder, even after telling > it to trust the certificate, I consistently get a message, "The security > certificate presented by this website was issued for a different website's > address." > > Looking at the two Tomcat servers in a different version of Firefox, on a > different WinDoze box, both Tomcat servers give me the message, that it is > not trusted because it is self-signed, and that it is only valid for James > Lampert. > > What exactly do I need to do, for a certificate to be recognized as the > correct one for a given server? The Common Name must match the domain name of the server as seen by the client. > Also: we have a CA-signed certificate that we use to sign JARs. Is that the > same sort of certificate used for Tomcat? You would need to purchase a different one to comply with the terms of purchase anyhow. p > -- > JHHL > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org