[ale] Certificate SigningRe: [ale] Certificate Signing

cfowler cfowler at outpostsentinel.com
Thu Jan 16 22:41:49 EST 2003 


Here is one error I get in Konqueror

You have indicated that you wish to accept this certificate, but it is not
issued to the server who is presenting it. Do you wish to continue loading?

I assume this is because my hostname is different?


On 12/31/1969, "cfowler" <cfowler at outpostsentinel.com> wrote:

>
>Where I'm confused is where each key is verified via the hostname.  Is this
>correct?  Since 1000 units can have the same stunnel.pem, each one  will
have
>a unique IP and hostname.  Will this cause and issue?
>
>
>
>
>On 12/31/1969, "Jason Day" <jasonday at worldnet.att.net> wrote:
>
>>On Thu, Jan 16, 2003 at 11:36:20PM +0000, cfowler wrote:
>>> We have a software package that ahs the file 'stunnel.pem' on it.  I
>generated
>>> this certificate then placed it in the software package.  The embedded
>device
>>> has *no* capablity to generate certificates.  So the *same* stunnel.pem
>file
>>> is distributed among 1000 units.  If you used cat on unit one and cat on
>unit
>>> 1000 they would look the same.  How do I sign this file so that Java and
>my
>>> web browser do not complain when they connect?
>>
>>You have to pay a CA like Verisign or Thawte to sign it for you.  It's
>>been several years since I've needed a certificate signed, but it would
>>run about $100 a few years ago, not sure what it costs now.
>>
>>You can, of course, tell your browser to stop complaining, but you have
>>to do that for each client.
>>
>>As for Java, I assume you are using JSSE?  You can use keytool (comes
>>with JDK, but not JRE) to import your certificate and tell java to trust
>>it.  Just import the certificate into a file called jssecacerts and put
>>that file in your jre/lib/security directory.  Even then, you will still
>>have to do a little coding to make JSSE behave.  I can send you a
>>snippet later if it will help.
>>
>>Jason
>>--
>>Jason Day                                       jasonday at
>>http://jasonday.home.att.net                    worldnet dot att dot net
>>
>>"Of course I'm paranoid, everyone is trying to kill me."
>>    -- Weyoun-6, Star Trek: Deep Space 9
>>_______________________________________________
>>Ale mailing list
>>Ale at ale.org
>>http://www.ale.org/mailman/listinfo/ale
>>
>_______________________________________________
>Ale mailing list
>Ale at ale.org
>http://www.ale.org/mailman/listinfo/ale
>
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale

More information about the Ale mailing list