Re: [CDO] Cert management for SSL connections to CDO server [message #977135 is a reply to message #976946]
Fri, 09 November 2012 04:00
On 09.11.2012 01:13, Warwick Burrows wrote:
> A followup to this for those who might be interested. It seems that the cert usage is to establish the ssl connection
> only and the client simply needs to trust the server. So if you deploy a cert on the server in a java keystore and
> just add the cert issuer to your truststore on the client it will theoretically be ok. Then as long as you keep your
> server cert valid the clients should not need to be changed. This is coming from discussions with our deployment team
> but we have yet to prove that. However we do have a self-signed cert in dev that seems to work this way.
>
> It may also be possible to tie an identity with the client cert and do client auth but we aren't doing that right now.
Warwick, thanks for the info! I must admit that I'm totally inexperienced with the SSLEngine. When you're sure about
these things it would be cool if you could write up/contribute a small setup description, perhaps in the form of Javadoc
for SSLUtil?
Cheers
/Eike
----
http://www.esc-net.de
http://thegordian.blogspot.com
http://twitter.com/eikestepper
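
The setup described in the quoted message (server certificate in a Java keystore, issuer in the client truststore, no client authentication), as an added example that is not part of the original post and is not CDO/Net4j or SSLUtil code. It uses plain JSSE; the file names, password, host name and port are assumptions.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.KeyStore;
import javax.net.ssl.*;

public class TrustSetupExample {
    static KeyStore load(Path file, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(file)) {
            ks.load(in, pass);
        }
        return ks;
    }

    // Server: keystore holds the server's private key and certificate chain.
    static SSLContext serverContext(Path keystore, char[] pass) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keystore, pass), pass); // assumes key password == store password
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null); // default trust managers; unused without client auth
        return ctx;
    }

    // Client: truststore holds only the issuer (or the self-signed cert itself).
    static SSLContext clientContext(Path truststore, char[] pass) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(truststore, pass));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no key managers: client presents no certificate
        return ctx;
    }

    // SSLEngine does not check the host name unless asked to.
    static SSLEngine clientEngine(SSLContext ctx, String host, int port) {
        SSLEngine engine = ctx.createSSLEngine(host, port);
        engine.setUseClientMode(true);
        SSLParameters params = engine.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS"); // cert must match `host`
        engine.setSSLParameters(params);
        return engine;
    }

    public static void main(String[] args) throws Exception {
        // Assumed file names, password, host and port; replace with your deployment's values.
        char[] pass = "changeit".toCharArray();
        SSLEngine serverEngine = serverContext(Paths.get("server-keystore.jks"), pass).createSSLEngine();
        serverEngine.setUseClientMode(false);
        serverEngine.setNeedClientAuth(false); // server-only authentication, as in the post
        SSLEngine client = clientEngine(clientContext(Paths.get("client-truststore.jks"), pass), "cdo.example.org", 2036);
    }
}
```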