Re: Apache Tomcat https setup

From:

=?ISO-8859-1?Q?Arne_Vajh=F8j?= <arne@vajhoej.dk>

Newsgroups:

comp.lang.java.programmer

Date:

Wed, 13 Oct 2010 19:57:46 -0400

Message-ID:

<4cb6477b$0$23761$14726298@news.sunsite.dk>

On 13-10-2010 13:49, zigzagdna wrote:

Yes, pop-up message is for what you say. I did not go to each user's
browser; instead when I was running java commands on web server to
install certficates in a kety store which is used by Tomcat; java
command asked me whether certificate is to be trusted.
How does browser decides whether
"certificate is not signed by a trusted authority". Is certifcate have
to be installed in some place on user's PC. If yes where?

This is a security feature.

If a site claims to be java.sun.com and the certificate is
signed by a company that the browser know, then there is no
need to ask.

If the browser does not know the signer of the certificate,
then you get prompted.

There are no way you can disable that server side. For
obvious reasons otherwise the hackers would let their
fake java.sun.com disable the check as well.

You either need to buy a certificate from one of the
known vendors or install the the signing certificate
at each client PC.

How depends on OS and browser.

Arne