Re: SSL with dynamic IP

[Jochen Schaefer]

Dr. Stephen Henson wrote:

On Wed, Apr 07, 2004, Jochen Schaefer wrote:

 

Hi everybody,

does anybody know how to accept a SSL certificate where only the 
certificate date and the company which issued it have to be valid?
I want to establish a SSL connection between 2 tomcat web server where 
both have the possibility to access each other. One has a static ip the 
other one a dynamic ip.

   

There's no reason in principle why you can't do that. In practice there needs
to be some way to authenticate the server. The usual way is to match the user
supplied hostname to that in the certificate.
If you want to do something else then how or if you can do it depends on the
client software.
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
 

So, would it be possible to just name the certificate with the servers 
name for example "Myserver" and this server could have a dynamic IP or 
needs the certificate to be named "www.myserver.com"?

The whole system I want to develop is that a user connects to a Server 
and triggers some commands to get/send data from or to a Dynamic 
IPServer. To connect the user to the static IPServer I use a SSL 
connection. For the connection to the dynamic IPServers I have the 
problem to authenticate them. Though the date and the company that 
issued it are known, cause its me, I don't need the IP address. An 
additional authentication will be done in the first one or two packets 
transferred between the servers to verfy its the correct one. How can I 
implement this in Tomcat or do I have to implement the whole 
authentication mechanism in my client, doing it manually instead of 
implementing it to tomcat?
*
Dynamic IPServer1*
                                 /using SSL(server auth. not needed)/   
*Static IPServer*        /using ssl/           *User*
*Dynamic IPServer2

*Best regards
Jochen
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]