> -----Original Message-----
> From: Martin Gainty [mailto:mgai...@hotmail.com]
> Sent: Monday, March 18, 2013 6:22 PM
> To: Tomcat Users List
> Subject: RE: SSL Best Practices
>
> Jeff
>
> Do you have a keystore and certificate? If not, go to Verisign and get a
> CA-trusted pfx...
> The cost is worth it, and anything you create with a self-signed cert
> will be broken in less than 5 min.
>
> Feel free to Pingback if you have any questions.
>
> Martin
>
> > From: jeffrey.jan...@polydyne.com
> > To: users@tomcat.apache.org
> > Subject: RE: SSL Best Practices
> > Date: Mon, 18 Mar 2013 13:34:44 +0000
> >
> > > -----Original Message-----
> > > From: Jeffrey D. Fisher [mailto:jeff.fisher12...@cox.net]
> > > Sent: Friday, March 15, 2013 3:03 PM
> > > To: users@tomcat.apache.org
> > > Subject: SSL Best Practices
> > >
> > > Gentlemen (Ladies):
> > >
> > > I am looking for a published "best practice" on editing the
> > > SERVER.XML configuration file to use SSL/HTTPS. The keys are
> > > imported into the keystore.
> > >
> > > Any input is appreciated.
> > >
> > > Jeff Fisher
> > > Omaha, NE
> >
> > I would start by reading the Tomcat Documentation on the subject.
> > It's pretty straightforward.
> >
> > Jeff
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
I am not sure what you mean by "anything you create with a self-signed cert will be broken in less than 5 min". It depends on the purpose and certificate use in his organization.

If his organization already has its own CA and issues its own certificates, and this will be used only as an internal system, then self-signed certificates issued by an internal CA are fine. If the system is only for testing, or communicates with a limited number of systems (i.e., it is a firewalled backend system that only communicates with a front-end system), then again, a self-signed certificate would be fine. If his organization already uses PKI certificates, then he should follow the rules established in his organization's Certificate Practice Statement, if it has issued one.

I do agree that if this is a public-facing system, or one in an organization with a large number of users that does not have its own CA infrastructure, then a commercial certificate would be the best choice.

Jeffrey Harris

This e-mail and any attachments are intended only for the use of the addressee(s) named herein and may contain proprietary information. If you are not the intended recipient of this e-mail or believe that you received this email in error, please take immediate action to notify the sender of the apparent error by reply e-mail; permanently delete the e-mail and any attachments from your computer; and do not disseminate, distribute, use, or copy this message and any attachments.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
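As an added example (not code from anyone in this thread): a small Java program that opens the Tomcat keystore Jeff imported his keys into and reports, for each private-key entry, whether the leaf certificate is self-signed or CA-issued, whether the stored chain reaches a self-signed root, and when it expires, so the decision Jeffrey Harris describes (internal CA, test-only, or commercial) can be checked against what the keystore actually holds. The keystore path `conf/keystore.jks` and password `changeit` are placeholders standing in for the connector's `keystoreFile` and `keystorePass` values.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

public class KeystoreReport {
    // A certificate is self-signed when issuer and subject match and the
    // signature verifies with the certificate's own public key.
    static boolean isSelfSigned(X509Certificate cert) {
        if (!cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
            return false;
        }
        try {
            cert.verify(cert.getPublicKey());
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Placeholder defaults; pass the real keystoreFile / keystorePass as arguments.
        String path = args.length > 0 ? args[0] : "conf/keystore.jks";
        char[] password = (args.length > 1 ? args[1] : "changeit").toCharArray();

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }

        Enumeration<String> aliases = ks.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (!ks.isKeyEntry(alias)) {
                continue; // only private-key entries can be served by the HTTPS connector
            }
            Certificate[] chain = ks.getCertificateChain(alias);
            X509Certificate leaf = (X509Certificate) chain[0];
            X509Certificate top = (X509Certificate) chain[chain.length - 1];
            String kind = isSelfSigned(leaf) ? "self-signed"
                    : isSelfSigned(top) ? "CA-issued, chain ends at a self-signed root"
                    : "CA-issued, stored chain does not include the root";
            System.out.printf("%s: %s%n", alias, leaf.getSubjectX500Principal());
            System.out.printf("  %s; issuer: %s%n", kind, leaf.getIssuerX500Principal());
            System.out.printf("  chain length %d, valid until %s%n", chain.length, leaf.getNotAfter());
        }
    }
}
```

A leaf reported as self-signed is only appropriate in the test-only or firewalled back-end cases above; a CA-issued leaf should name either the internal CA or the commercial issuer as its issuer.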