CN is actually taken as the web server's name on which the site is running. This is kind of a check that the certificate is coming from the same server on which the site is running, because if it is coming from another server then it could be fraud.
cheers Tathagat -----Original Message----- From: randie ursal [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 03, 2002 08:53 To: A mailing list for discussion about Sun Microsystem's Java Servlet API Technology. Cc: Tomcat Users List; [EMAIL PROTECTED] Subject: SSL in Tomcat hi, sorry for this off the list topic but i really need some idea. when i created my self-signed certificate using keytool to make SSL available in Tomcat i specify in my certificate information ex. keytool -genkey -dname "CN=Mark Smith, OU=JavaSoft, O=Sun, L=Cupertino, S=California, C=US" -alias mark but when i access my webserver both through browser and java application by using "https://carnelian:8443/testApp" i got and exception which says that HTTPS hostname is wrong or certificate is not the same as site name. so i change the "CN" key equal to my hostname (ex."Carnelian"), now it works...why is this? keytool docs says that "CN" could be any valid full name...just like the example above when i use "Mark Smith". is there a way i can specify the certificate information using the full name instead of the web server hostname?....and access it using https without getting an exception. i'm using Apache Tomcat 4.0, JSSE1.0.3, JDK1.3.1 thanks in advance randie -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> ---------------------------------------------------------------------- If you have received this e-mail in error or wish to read our e-mail disclaimer statement and monitoring policy, please refer to http://www.drkw.com/disc/email/ or contact the sender. ---------------------------------------------------------------------- -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>