Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
I just started today with worklight and try to connect a RESTFul API. The server (which I don't own) I would like to reach use ssl with a self-signed certificate. I imported the certificate in my cacert following the procedure defined in the worklight documentation.
Now, I have the following error when I try the RESTFul API:
"errors": [ "Runtime: Http request failed: javax.net.ssl.SSLException:
hostname in certificate didn't match:
In many http java implementation there is a way to disable the hostname verification but don't find it how to do it when using worklight.
Any tip?
As this question has been close because it is off topic, could you tell me where I post questions and get support on IBM Worklight?
Many Thanks
See this article regardin self signed certificates.
http://pic.dhe.ibm.com/infocenter/wrklight/v5r0m5/index.jsp?topic=%2Fcom.ibm.worklight.help.doc%2Fadmin%2Ft_ibm_worklight_server_and_self-signed_certificates.html
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 4 years ago.
Improve this question
When I try to invoke a get request via URL in the browser (no matter what the browser is), this is the response I got.
This error has was given because my request is an http request where the service deployed in the server uses https (deployed in an https port)
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 8 years ago.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Improve this question
I'm new to all the ssl stuff.
Is it possible to have an SSL Certificate from different SSL Certificate provider than my hosting company or the hosting and SSL Certificate must come from the same company?
For example, if I host a site in Godaddy, do I must get the SSL Certificate from then (Goddady) as well? or I can do it through some other cheaper SSL Certificate provider?
If it's possible to have SSL Certificate not from the Hosting provider, I would be happy to have a reference by links or something...
Thanks in advance.
Is it possible to have an SSL Certificate from different SSL Certificate provider than my hosting company
Yes.
Or the hosting and SSL Certificate must come from the same company?
No.
If it's possible to have SSL Certificate not from the Hosting provider
In many instances, you can get a free Class 1 server certificate Startcom or CAcert. The certificates are trusted by most desktop and mobile browsers. Class 1's are domain validated via email and don't allow wildcards. If you need a wildcard, then you'll have to purchase a Class 2 or higher. Startcom and CAcert charge for revocation, if needed.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
How can I show the company name (author of the certificate) instead of the plain "https" in the browser url input?
As said in comment above, the certificate you look for is SSL Certificate with Extended Validation (EV), which validates Domain ownership as well as Company identity.
This kind of SSL certificate is offered by quite a lot Certificate Authorities, such as Verisign and GoDaddy.
Reference: http://www.symantec.com/en/hk/verisign/ssl-certificates/secure-site-ev?inid=vrsn_symc_ssl_SSEV
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
Can someone please point me to good articles on understanding the 'key usage' property of a ssl certificate? what are the pros and cons of getting a certificate issued with 'Data Encipherment' as one of the values?
Is this recommended? Recently we had to host a web service on our site, to be consumed by a third party and one of their requirements is that the certificate must have 'Data encipherment' in 'key usage'. Currently our site already has ssl, but key usage doesn't have 'data encipherment'.
Will there be any noticeable slowness if say we buy a new certificate with data encipherment and replace the current site certificate with the new one?
You can read the spec, RFC 5280 4.2.1.3. Basically Key Usage is just bits set on the certificate that restrict what the certificate authority certifies using the key for. It should not affect SSL performance - I don't believe SSL even allows for Data Encipherment (using the public key to encrypt data versus using it to establish a symmetric key for data).
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
I have a general question. Theoretically, if you have the following trust chain: RootCA -> IntermediateCA -> MyDomainCertificate, one should verify 2 certificates in order to verify your certificate. When I send MyDomainCertificate.crt (X509v3) to someone for verification, do I have to send him the whole chain? Is the verifier able to download all intermediate certificates automatically?
This is how I hope it works:
I send MyDomainCertificate.crt to someone and he wants to verify it.
The verifier needs IntermediateCA.crt (the certificate of my issuer) in order to verify MyDomainCertificate.crt, so he downloads it automatically.
The verifier needs RootCA.crt in order to verify IntermediateCA.crt. The verifier hat this root certificate locally and completes the verification process.
Examples:
Firefox has to be able to check all server certificates. Is firefox able to download automatically all intermediate certificates, or do all servers send the complete trust chain?
If I have client authentication, does Tomcat download automatically all intermediate certificates, or do all clients send the complete trust chain for their certificates?
I hope someone can help my theory/practice confusion. Thanks!
Configuring an SSL should always include installing intermediate certificates (trust chain) Because some browsers only have the root certificate and don't have intermediate certificate, and your web server should send a copy to client of the intermediate certificate.
You can use openssl for verify your ssl configuration. Read this post:
https://major.io/2012/02/07/using-openssls-s_client-command-with-web-servers-using-server-name-indication-sni/