RE: SSL Best Practices

2013-03-20 Thread Jeffrey Janner
> -Original Message- > From: Jeffrey D. Fisher [mailto:jeff.fisher12...@cox.net] > Sent: Tuesday, March 19, 2013 9:34 AM > To: 'Tomcat Users List'; mgai...@hotmail.com > Subject: RE: SSL Best Practices > > Yes, I do have a CA-issued certificate with

Re: SSL Best Practices

2013-03-20 Thread Ognjen Blagojevic
Jeffrey, On 19.3.2013 15:33, Jeffrey D. Fisher wrote: Yes, I do have a CA-issued certificate with a chain to a trusted CA. I've imported it to the keystore. I am close to a solution. When I attempt to open the default Apache web page using "https:" I get an error page that says that the serve

Re: SSL Best Practices

2013-03-19 Thread Mark Thomas
On 19/03/2013 15:28, Jeffrey D. Fisher wrote: > Could we dispense with the ego-clanking, please? Really? Keep in > mind that EVERYONE has the same problem regardless of your IQ level: > for everything you know there are three to five things you do not > know and at least one that you do not know

RE: SSL Best Practices

2013-03-19 Thread Harris, Jeffrey E.
> -Original Message- > From: Jeffrey D. Fisher [mailto:jeff.fisher12...@cox.net] > Sent: Tuesday, March 19, 2013 11:28 AM > To: 'Tomcat Users List' > Subject: RE: SSL Best Practices > > Could we dispense with the ego-clanking, please? Really? Keep in mi

RE: SSL Best Practices

2013-03-19 Thread Jeffrey D. Fisher
: SSL Best Practices -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Martin, On 3/19/13 7:34 AM, Martin Gainty wrote: > 1)Have you ever tried to coerce IE to accept a self-signed cert This is a trust issue, not a security issue. They are related, but not equivalent. > 2)if you purchase

Re: SSL Best Practices

2013-03-19 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Martin, On 3/19/13 7:34 AM, Martin Gainty wrote: > 1)Have you ever tried to coerce IE to accept a self-signed cert This is a trust issue, not a security issue. They are related, but not equivalent. > 2)if you purchase a pfx with a self-signed cert

Re: SSL Best Practices

2013-03-19 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Martin, On 3/18/13 6:21 PM, Martin Gainty wrote: > do you have keystore and certificate..if not go to verisign and get > a CATrusted pfx... > > the cost is worth it and anything you create with a self-signed > cert will be broken in less than 5 min

RE: SSL Best Practices

2013-03-19 Thread Harris, Jeffrey E.
> -Original Message- > From: Jeffrey D. Fisher [mailto:jeff.fisher12...@cox.net] > Sent: Tuesday, March 19, 2013 10:34 AM > To: 'Tomcat Users List'; mgai...@hotmail.com > Subject: RE: SSL Best Practices > > Yes, I do have a CA-issued certificate with

RE: SSL Best Practices

2013-03-19 Thread Jeffrey D. Fisher
-Original Message- From: Martin Gainty [mailto:mgai...@hotmail.com] Sent: Monday, March 18, 2013 5:22 PM To: Tomcat Users List Subject: RE: SSL Best Practices Jeff do you have keystore and certificate..if not go to verisign and get a CATrusted pfx... the cost is worth it and anything you creat

RE: SSL Best Practices

2013-03-19 Thread Harris, Jeffrey E.
> -Original Message- > From: Martin Gainty [mailto:mgai...@hotmail.com] > Sent: Tuesday, March 19, 2013 7:35 AM > To: Tomcat Users List > Subject: RE: SSL Best Practices > > > 1)Have you ever tried to coerce IE to accept a self-signed cert 2)if > you purcha

RE: SSL Best Practices

2013-03-19 Thread Martin Gainty
ue, 19 Mar 2013 06:04:52 -0400 > Subject: RE: SSL Best Practices > > > > > -Original Message- > > From: cjder...@gmail.com [mailto:cjder...@gmail.com] On Behalf Of chris > > derham > > Sent: Tuesday, March 19, 2013 1:58 AM > > To: Tomcat Users Li

RE: SSL Best Practices

2013-03-19 Thread Harris, Jeffrey E.
> -Original Message- > From: cjder...@gmail.com [mailto:cjder...@gmail.com] On Behalf Of chris > derham > Sent: Tuesday, March 19, 2013 1:58 AM > To: Tomcat Users List > Subject: Re: SSL Best Practices > > > If the system is only for testing, or communicates w

Re: SSL Best Practices

2013-03-18 Thread chris derham
> If the system is only for testing, or communicates with a limited number of > systems (i.e., > it is a firewalled backend system that only communicates with a front-end > system), then again, > a self-signed certificate would be fine. +1 > If his organization already uses PKI certificates, th

RE: SSL Best Practices

2013-03-18 Thread Harris, Jeffrey E.
> -Original Message- > From: Martin Gainty [mailto:mgai...@hotmail.com] > Sent: Monday, March 18, 2013 6:22 PM > To: Tomcat Users List > Subject: RE: SSL Best Practices > > Jeff > > do you have keystore and certificate..if not go to verisign and get a >

RE: SSL Best Practices

2013-03-18 Thread Martin Gainty
com > To: users@tomcat.apache.org > Subject: RE: SSL Best Practices > Date: Mon, 18 Mar 2013 13:34:44 + > > > -Original Message- > > From: Jeffrey D. Fisher [mailto:jeff.fisher12...@cox.net] > > Sent: Friday, March 15, 2013 3:03 PM > > To: users@

RE: SSL Best Practices

2013-03-18 Thread Jeffrey Janner
> -Original Message- > From: Jeffrey D. Fisher [mailto:jeff.fisher12...@cox.net] > Sent: Friday, March 15, 2013 3:03 PM > To: users@tomcat.apache.org > Subject: SSL Best Practices > > Gentlemen (Ladies): > > > > I am looking for a published "be

Re: SSL Best Practices

2013-03-15 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jeffrey, On 3/15/13 4:02 PM, Jeffrey D. Fisher wrote: > I am looking for a published "best practice" on editing the > SERVER.XML configuration file to use SSL/HTTPS. The key are > imported into the keystore. > > Any input is appreciated. What doc