Hello Randie, check this page out. http://mindprod.com/jglosskeytool.html
cheers Tathagat -----Original Message----- From: randie ursal [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 03, 2002 09:12 To: Tomcat Users List Subject: Re: SSL in Tomcat thanks Tathagat, but i was just wondering why on the keytool documentation the CN is having a value of the subjects full name...and not the web servers name. is this a documentation error on "keytool" on java? Tathagat (London) wrote: >CN is actually taken as the web server's name on which the site is running. >This is kind of a check that the certificate is coming from the same server >on which the site is running, because if it is coming from another server >then it could be fraud. > >cheers >Tathagat > >-----Original Message----- >From: randie ursal [mailto:[EMAIL PROTECTED]] >Sent: Tuesday, September 03, 2002 08:53 >To: A mailing list for discussion about Sun Microsystem's Java Servlet >API Technology. >Cc: Tomcat Users List; [EMAIL PROTECTED] >Subject: SSL in Tomcat > > >hi, > >sorry for this off the list topic but i really need some >idea. > > when i created my self-signed certificate using keytool to make SSL > available in Tomcat i specify in my certificate information > > ex. > keytool -genkey -dname "CN=Mark Smith, OU=JavaSoft, O=Sun, L=Cupertino, > > S=California, C=US" -alias mark > > but when i access my webserver both through browser and java application > by using "https://carnelian:8443/testApp" > i got and exception which says that HTTPS hostname is wrong or certificate > > is not the same as site name. > > so i change the "CN" key equal to my hostname (ex."Carnelian"), now it > works...why is this? > > keytool docs says that "CN" could be any valid full name...just like the > example above when i use "Mark Smith". > > is there a way i can specify the certificate information using the full > name instead of the web server hostname?....and access it using https > without getting an exception. > > i'm using Apache Tomcat 4.0, JSSE1.0.3, JDK1.3.1 > >thanks in advance > > randie > > > > > > > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> ---------------------------------------------------------------------- If you have received this e-mail in error or wish to read our e-mail disclaimer statement and monitoring policy, please refer to http://www.drkw.com/disc/email/ or contact the sender. ---------------------------------------------------------------------- -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>