Re: OT: TomCat WebCerts and Linux? - Hewlett Packard



Thread: Re: OT: TomCat WebCerts and Linux?

  1. Re: OT: TomCat WebCerts and Linux?

    On Thu, 25 Sep 2008 09:43:15 -0400, James B. Byrne
    wrote:


    >This is likely caused by using a self-signed PKI certificate for the
    >service or using a certificate signed by a private certificate authority....


    Upon reflection it occurs to me that the problem could also be caused by an
    expired/revoked certificate; either the server certificate or the issuing CA
    certificate might now be invalid.

    --
    *** E-Mail is NOT a SECURE channel ***
    James B. Byrne mailto:ByrneJB@Harte-Lyne.ca
    Harte & Lyne Limited http://www.harte-lyne.ca
    9 Brockley Drive vox: +1 905 561 1241
    Hamilton, Ontario fax: +1 905 561 0757
    Canada L8E 3C3

    * To join/leave the list, search archives, change list settings, *
    * etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
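
The causes James lists (a self-signed certificate, a certificate from a private CA the client does not trust, an expired certificate) can be told apart with the `openssl` command line. The script below is an added example, not part of the original thread; it assumes OpenSSL is installed, and the CA names, the host name `tomcat.example.test` and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Every name here is a constructed placeholder.

cert_findings() {
    # $1 = PEM certificate the server presents
    # $2 = PEM bundle of the CA certificates this client trusts
    cert=$1; trust=$2; findings=""
    subject=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 | sed 's/^subject=//')
    issuer=$(openssl x509 -in "$cert" -noout -issuer -nameopt RFC2253 | sed 's/^issuer=//')
    if [ "$subject" = "$issuer" ]; then findings="$findings self-signed"; fi
    # -checkend 0 fails once notAfter is in the past.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        findings="$findings expired"
    fi
    # The chain must end at a CA in the client's bundle (an expired cert fails here too).
    if ! openssl verify -CAfile "$trust" "$cert" >/dev/null 2>&1; then
        findings="$findings fails-chain-verification"
    fi
    echo "${findings# }"
}

make_fixtures() {
    # $1 = work dir. Builds a private CA, a server cert it signs, a self-signed
    # server cert, and an unrelated CA standing in for the client's trust store.
    d=$1
    printf '%s\n' '[req]' 'distinguished_name=dn' '[dn]' 'CN=placeholder' \
        '[v3_ca]' 'basicConstraints=critical,CA:TRUE' > "$d/min.cnf"
    for ca in private-ca client-store-ca; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/min.cnf" \
            -extensions v3_ca -subj "/CN=Constructed $ca" \
            -keyout "$d/$ca.key" -out "$d/$ca.pem" 2>/dev/null
    done
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/min.cnf" \
        -subj "/CN=tomcat.example.test" -keyout "$d/self.key" -out "$d/self.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -config "$d/min.cnf" \
        -subj "/CN=tomcat.example.test" -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
    openssl x509 -req -in "$d/srv.csr" -CA "$d/private-ca.pem" -CAkey "$d/private-ca.key" \
        -CAcreateserial -days 2 -out "$d/srv.pem" 2>/dev/null
}

work=$(mktemp -d)
make_fixtures "$work"
echo "CA-signed, client lacks CA : $(cert_findings "$work/srv.pem" "$work/client-store-ca.pem")"
echo "CA-signed, client has CA   : $(cert_findings "$work/srv.pem" "$work/private-ca.pem")"
echo "self-signed                : $(cert_findings "$work/self.pem" "$work/client-store-ca.pem")"
```

Revocation is not covered here: checking it needs a CRL or an OCSP query against the issuing CA.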


  2. Re: OT: TomCat WebCerts and Linux?

    Hi James, Mark and Others
    I am exploring the suggestions and trying to sterilize the info so I
    can post more info... But I think James may have set me on the right
    direction

    More in a bit..

    Art "Thanks to all for support" Bahrs


    Art Bahrs, CISSP
    Security Engineer
    Providence Health & Services
    Arthur.Bahrs@Providence.org
    Phone: 503-216-2722

    -----Original Message-----
    From: HP-3000 Systems Discussion [mailto:HP3000-L@RAVEN.UTC.EDU] On
    Behalf Of James B. Byrne
    Sent: Thursday, September 25, 2008 8:41 AM
    To: HP3000-L@RAVEN.UTC.EDU
    Subject: Re: OT: TomCat WebCerts and Linux?

    On Thu, 25 Sep 2008 09:43:15 -0400, James B. Byrne
    wrote:

    >This is likely caused by using a self-signed PKI certificate for the
    >service or using a certificate signed by a private certificate
    >authority...

    Upon reflection it occurs to me that the problem could also be caused by
    an expired/revoked certificate; either the server certificate or the
    issuing CA certificate might now be invalid.

    --
    *** E-Mail is NOT a SECURE channel ***
    James B. Byrne mailto:ByrneJB@Harte-Lyne.ca
    Harte & Lyne Limited http://www.harte-lyne.ca
    9 Brockley Drive vox: +1 905 561 1241
    Hamilton, Ontario fax: +1 905 561 0757
    Canada L8E 3C3



    DISCLAIMER:
    This message is intended for the sole use of the addressee, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the addressee you are hereby notified that you may not use, copy, disclose, or distribute to anyone the message or any information contained in the message. If you have received this message in error, please immediately advise the sender by reply email and delete this message.



  3. Re: OT: TomCat WebCerts and Linux?

    > I am exploring the suggestions and trying to sterilize the info so I
    > can post more info... But I think James may have set me on the right
    > direction


    James has most certainly hit the nail on the head. Most people don't go out
    and buy an SSL cert when they're playing with new technology. I'm sure you
    have a self-signed cert.

    In our case, we didn't mind the certificate warning when it was employees
    who were getting it but soon we'll be having customers and suppliers
    accessing our online systems. So pay attention to James's advice when you do
    go and get an SSL cert and think about the number of domains and/or IP
    addresses and use the subjectAltName feature in your request. We didn't and
    it required some extra work.

    Mark W.
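
A certificate request that carries a subjectAltName list, as Mark recommends, can be built and checked before it goes to the CA. The script below is an added example, not part of the original thread; it assumes OpenSSL is installed, and the host names, the IP address and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Host names and the IP are constructed placeholders.

make_san_csr() {
    # $1 = output directory, $2 = common name, remaining args = SAN entries
    # written as DNS:name or IP:address, one per name clients will connect to.
    dir=$1; cn=$2; shift 2
    sans=$(IFS=,; printf '%s' "$*")      # join the entries with commas
    cat > "$dir/req.cnf" <<EOF
[req]
distinguished_name = dn
req_extensions = v3_req
prompt = no
[dn]
CN = $cn
[v3_req]
subjectAltName = $sans
EOF
    # Keep the new private key readable by its owner only.
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes -config "$dir/req.cnf" \
          -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null )
}

list_csr_sans() {
    # $1 = CSR file. Prints the SAN entries the request really contains,
    # one per line, so they can be reviewed before submission.
    openssl req -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed 's/^ *//'
}

work=$(mktemp -d)
make_san_csr "$work" portal.example.test \
    DNS:portal.example.test DNS:suppliers.example.test IP:192.0.2.10
list_csr_sans "$work/server.csr"
```

The issuing CA decides which requested extensions end up in the certificate, so the same listing is worth repeating on the issued certificate.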



  4. Re: OT: TomCat WebCerts and Linux?

    Hi Mark
    Thanks, I reviewed all replies ... Especially James and yours as
    there was some really good information there!

    This is a case of "internal self-signed certificate with an internal
    CA" so James' info was very much in the 'pipe' for targeting...

    Unfortunately, our workaround of using FireFox will have to bide us
    for a while longer... The SysAdmins and the Cert Admin are pondering
    this ... And our BlueCoat conversion project just got re-prioritized
    waaaayyy above the cert situation since we have a workaround for the
    cert situation.

    Stay tuned... I will be back to it in a while

    Art "knee-deep in the hoopla" Bahrs

    P.s. Since we are watching "It's a Wonderful Life" in the real life...
    Does that mean life is just a movie? Hehehe

    Or as another fun late night ponderance (based on a Robin Williams
    routine) goes:
    Life is but a Dream,
    Reality is what we call Life,
    Q.E.D. Reality is a Dream....


    Art Bahrs, CISSP
    Security Engineer
    Providence Health & Services
    Arthur.Bahrs@Providence.org
    Phone: 503-216-2722

    -----Original Message-----
    From: Mark Wonsil [mailto:wonsil@4m-ent.com]
    Sent: Friday, September 26, 2008 3:51 AM
    To: Bahrs, Art; HP3000-L@RAVEN.UTC.EDU
    Subject: RE: [HP3000-L] OT: TomCat WebCerts and Linux?

    > I am exploring the suggestions and trying to sterilize the info so
    > I can post more info... But I think James may have set me on the right
    > direction


    James has most certainly hit the nail on the head. Most people don't go
    out and buy an SSL cert when they're playing with new technology. I'm
    sure you have a self-signed cert.

    In our case, we didn't mind the certificate warning when it was
    employees who were getting it but soon we'll be having customers and
    suppliers accessing our online systems. So pay attention to James's
    advice when you do go and get an SSL cert and think about the number of
    domains and/or IP addresses and use the subjectAltName feature in your
    request. We didn't and it required some extra work.

    Mark W.




