hi keytool is for generating cetificates...... you can give any name you want thatz nothing to do with the server. But if you install the cetificate in tomcat4.0 and access it , obviously it will throw an error saying that the certificate name and host name are not same.
The name of the certificate and the host name must match....... you can't use any other name... bcoz the certificate is issued to that site so it should match other wise it is not a valid certifiate...... If i was wrong plz correct me hth phani ----- Original Message ----- From: Luis Cornide Arce <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, September 03, 2002 2:38 PM Subject: Re: SSL in Tomcat > I think that the common name (CN) is the name of the secure server in > which you are going to install the certificate, is a very common > misunderstanding, at least, that was what I read at the versisgn site > when I was trying to obtain a trial certificate. > I hope this help. > > Luis > > randie ursal wrote: > > > hi, > > > > sorry for this off the list topic but i really need some > > idea. > > > > when i created my self-signed certificate using keytool to make SSL > > available in Tomcat i specify in my certificate information > > > > ex. > > keytool -genkey -dname "CN=Mark Smith, OU=JavaSoft, O=Sun, > > L=Cupertino, > > S=California, C=US" -alias mark > > > > but when i access my webserver both through browser and java application > > by using "https://carnelian:8443/testApp"; > > i got and exception which says that HTTPS hostname is wrong or > > certificate > > is not the same as site name. > > > > so i change the "CN" key equal to my hostname (ex."Carnelian"), now it > > works...why is this? > > > > keytool docs says that "CN" could be any valid full name...just like the > > example above when i use "Mark Smith". > > > > is there a way i can specify the certificate information using the full > > name instead of the web server hostname?....and access it using https > > without getting an exception. > > > > i'm using Apache Tomcat 4.0, JSSE1.0.3, JDK1.3.1 > > > > thanks in advance > > > > randie > > > > =========================================================================== > > > > To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff > > JSP-INTEREST". > > For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST > > DIGEST". > > Some relevant FAQs on JSP/Servlets can be found at: > > > > http://archives.java.sun.com/jsp-interest.html > > http://java.sun.com/products/jsp/faq.html > > http://www.esperanto.org.nz/jsp/jspfaq.jsp > > http://www.jguru.com/faq/index.jsp > > http://www.jspinsider.com > > > > > > =========================================================================== > To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". > For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST". > Some relevant FAQs on JSP/Servlets can be found at: > > http://archives.java.sun.com/jsp-interest.html > http://java.sun.com/products/jsp/faq.html > http://www.esperanto.org.nz/jsp/jspfaq.jsp > http://www.jguru.com/faq/index.jsp > http://www.jspinsider.com =========================================================================== To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST". Some relevant FAQs on JSP/Servlets can be found at: http://archives.java.sun.com/jsp-interest.html http://java.sun.com/products/jsp/faq.html http://www.esperanto.org.nz/jsp/jspfaq.jsp http://www.jguru.com/faq/index.jsp http://www.jspinsider.com
