> Our application is using a SSL connection to communicate with Tomcat.
> If we were using a browser I might expect to see a "connection denied"
> response or an invalid certificate message in the Tomcat logs.

SSL does not allow or deny connections by itself; it's just a means to
verify the validity of the connecting party. It is up to the implementation to
verify if the certificate is valid.
SSL operates on top of IP and encrypts all traffic; whether the other party
is trustworthy is up to the application that is setting up the connection to
determine. Certificates are a means to verify the other party is who they
say they are by means of acknowledgement of a recognized authority.
If you want your application to deny the connection if the certificate is
expired, the application must be written to do so.

Hope this helps,

Serge Fonville
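
An added example, not part of the original message: one way a client application can refuse a connection when the server certificate is outside its validity dates. It assumes a Python client; the function names, the port 8443 and the sample certificate are constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone


class CertificateDateError(Exception):
    """Peer certificate is missing or outside its validity window."""


def _parse(cert_time):
    # getpeercert() reports dates like "Jan  1 00:00:00 2010 GMT"
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), timezone.utc)


def check_validity_window(cert, now=None):
    """Check the dict returned by SSLSocket.getpeercert(); return time left."""
    if not cert:
        # An empty dict means the TLS layer did not validate any certificate.
        raise CertificateDateError("peer presented no verified certificate")
    now = now or datetime.now(timezone.utc)
    not_before, not_after = _parse(cert["notBefore"]), _parse(cert["notAfter"])
    if now < not_before:
        raise CertificateDateError(f"not valid before {not_before:%Y-%m-%d}")
    if now > not_after:
        raise CertificateDateError(f"expired on {not_after:%Y-%m-%d}")
    return not_after - now


def connect_checked(host, port=8443):
    """Open a TLS connection and drop it if the certificate dates are bad."""
    # The default context verifies chain, hostname and dates in the handshake;
    # the explicit check keeps the date policy in application code as well.
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            remaining = check_validity_window(tls.getpeercert())
            return tls.version(), remaining


# Constructed sample in the shape getpeercert() returns (not a real certificate).
SAMPLE_CERT = {
    "subject": ((("commonName", "tomcat.example.test"),),),
    "notBefore": "Jan  1 00:00:00 2009 GMT",
    "notAfter": "Jan  1 00:00:00 2010 GMT",
}
```
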

