The specified certificate is entrusted by CA , if not, I think TOMCAT must verify the certificate and SSL connection must be failed . I don't think there is any problem about my idea. I just want to implement something that choosing the certificate by ActiveX control,not by users. Yes, maybe I submit the question in other mail-lists.
Lampa Gregor Schneider wrote: > > Actually your approach is breaking SSL-security. Among other things > SSL is bsed on TRUST. Therefore, if an unkown or self-signed > certificate is used, any browser should inform the user that the cert > is not signed by a CA. > > If you want to implement a way to circumvent said behaviour, > personally I do not see any sense in doing so but tricking the user to > accept a certificate wich is not trusted. > > Maybe I misunderstand your intentions. > > Besides, your problem is not a Tomcat-issue but a browser-issue (if > any). Therefore, I suggest you place your request in the appropiate > mailinglists / newsgroups. > > Gregor > -- > just because your paranoid, doesn't mean they're not after you... > gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 > gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > -- View this message in context: http://www.nabble.com/problem-about-ssl-tp21156802p21172032.html Sent from the Tomcat - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
