Re: Expired Self-Signed Certificates?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mark, On 2/17/2009 3:03 PM, Furman, Mark wrote: Thanks Serge. I believe that answers my question. Note that, if your client app is Java-based, the Java HTTPS provider will do all that checking for you, and should be complaining about the non-validity of the SSL certificate. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkmccKIACgkQ9CaO5/Lv0PAaNgCfdcFbdnS77Lwj357K3MDlepg3 MSgAn2J+sv56A37f1kXjZjqm+GVrCdvG =KZ+W -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Expired Self-Signed Certificates?
We have noticed that our expired self-signed certificates are still functioning with no error messages. When using self-signed certificates with Tomcat 6, are the expiration dates valid?
Re: Expired Self-Signed Certificates?
Hi, We have noticed that our expired self-signed certificates are still functioning with no error messages. What error messages would you expect?Is there nothing displayed prior to showing the page? Regards, Serge Fonville
RE: Expired Self-Signed Certificates?
Our application is using a SSL connection to communicate with Tomcat. If we were using a browser I might expect to see a connection denied response or an invalid certificate message in the Tomcat logs. R/ Mark -Original Message- From: Serge Fonville [mailto:serge.fonvi...@gmail.com] Sent: Tuesday, February 17, 2009 2:41 PM To: Tomcat Users List Subject: Re: Expired Self-Signed Certificates? Hi, We have noticed that our expired self-signed certificates are still functioning with no error messages. What error messages would you expect?Is there nothing displayed prior to showing the page? Regards, Serge Fonville - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Expired Self-Signed Certificates?
Thanks Serge. I believe that answers my question. -Original Message- From: Serge Fonville [mailto:serge.fonvi...@gmail.com] Sent: Tuesday, February 17, 2009 2:56 PM To: Tomcat Users List Subject: Re: Expired Self-Signed Certificates? Our application is using a SSL connection to communicate with Tomcat. If we were using a browser I might expect to see a connection denied response or an invalid certificate message in the Tomcat logs. SSL does not allow or deny connections by itself, it's just a means to verify the validity of the connecting party.It is upto the implementation to verify if the certificate is valid. SSL operates on top of IP and encrypts all traffic whether the other party is trusthworty is up to the application that is setting up the connection to determine. Certificates are a means to verify the other party is who they say they are by means of acknowledgement of a recognized authority. If you wan't your application to deny the connection if the certificate is expired, the application must be written to do so. Hope this helps, Serge Fonville - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org