[...]
So, would it be possible to just name the certificate with the servers name for example "Myserver" and this server could have a dynamic IP or needs the certificate to be named "www.myserver.com"?
The whole system I want to develop is that a user connects to a Server and triggers some commands to get/send data from or to a Dynamic IPServer. To connect the user to the static IPServer I use a SSL connection. For the connection to the dynamic IPServers I have the problem to authenticate them. Though the date and the company that issued it are known, cause its me, I don't need the IP address. An additional authentication will be done in the first one or two packets transferred between the servers to verfy its the correct one. How can I implement this in Tomcat or do I have to implement the whole authentication mechanism in my client, doing it manually instead of implementing it to tomcat?
*
Dynamic IPServer1*
/using SSL(server auth. not needed)/ *Static IPServer* /using ssl/ *User*
*Dynamic IPServer2
*Best regards Jochen
So this sounds to me that you want to implement the server yourself . Then it's completely your choice which certificates you'll accept. The match betwen Hostname/IP and CN is only needed if you want to serve a browser using https.
You should issue a certificate and set the CN to the user's name (or include some other information you need to verify that s/he should be given access, like the OU field) and check this in your server.
Kind regards Ted ;)
-- PGP Version: 2.6.3i Public Key Information Download complete Key from ftp://ftp.convey.de/ted/tedkey.asc Key fingerprint = 26 A9 0C 25 60 15 2C B2 D0 F3 A2 31 3D 35 F3 95
smime.p7s
Description: S/MIME Cryptographic Signature
