Mark H. Wood wrote:
As already pointed out, there's your problem. To identify a networked
service, the value of CN should be the FQDN of the host providing the
service. (This is why people suddenly became interested in securing
DNS: we are relying on it to validate certificate bindings to services!)
Yes, the prompts are confusing. A recent release of OpenSSL, for
example, just updated the CN prompt from "Common Name (eg, YOUR name)"
to "Common Name (e.g. server FQDN or YOUR name)".
Thanks for the additional detail.
We now have the customer set up with a less-frightening self-signed
certificate, specific to their domain, pending installation of a
CA-signed certificate (which I sincerely hope is domain-specific).
--
JHHL
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
