Apache Tomcat https setup

Discussion in 'Java' started by zigzagdna, Oct 13, 2010.

  1. zigzagdna

    zigzagdna Guest

    I am using Apache Tomcat 6. I have setup an https site by installing
    some certificates. When I enter https url a pop-up message comes
    showing the certificate. Is there a way to prevent this pop-up message
    because it is annoying to users. We are in an intranet and primary
    purpose is to encrypt passwords, data etc sent over the network.

    I have seen some other websites using https where the pop-up message
    does not come. When I installed certificates in certificate store
    using java command I trusted all the certificates, so do not know why
    popup-up message comes.


    Thanks a lot.
    zigzagdna, Oct 13, 2010
    #1
    1. Advertising

  2. zigzagdna

    Lew Guest

    On Oct 13, 12:17 pm, zigzagdna <> wrote:
    > I am using Apache Tomcat 6. I have setup an https site by installing
    > some certificates. When  I enter https  url a pop-up message comes
    > showing the certificate. Is there a way to prevent this pop-up message
    > because it is annoying to users. We are in an intranet and primary
    > purpose is to encrypt passwords, data etc sent over the network.
    >
    > I have seen some other websites using https where the pop-up message
    > does not come. When I installed certificates in certificate store
    > using java command I trusted all the certificates, so do not know why
    > popup-up message comes.
    >


    "A pop-up message ... showing the certificate" is a tad imprecise. I
    assume it's the message asking users to accept the certificate, which
    comes up when the certificate is not signed by a trusted authority.

    You say you "trusted all the certificates", another imprecise
    statement. Do you mean you went to each user's browser and instructed
    it to trust the signing authority of the certificate?

    If not, that could explain the issue, assuming my assumption of what
    you meant is correct.

    --
    Lew
    Lew, Oct 13, 2010
    #2
    1. Advertising

  3. zigzagdna

    zigzagdna Guest

    On Oct 13, 12:47 pm, Lew <> wrote:
    > On Oct 13, 12:17 pm, zigzagdna <> wrote:
    >
    > > I am using Apache Tomcat 6. I have setup an https site by installing
    > > some certificates. When  I enter https  url a pop-up message comes
    > > showing the certificate. Is there a way to prevent this pop-up message
    > > because it is annoying to users. We are in an intranet and primary
    > > purpose is to encrypt passwords, data etc sent over the network.

    >
    > > I have seen some other websites using https where the pop-up message
    > > does not come. When I installed certificates in certificate store
    > > using java command I trusted all the certificates, so do not know why
    > > popup-up message comes.

    >
    > "A pop-up message ... showing the certificate" is a tad imprecise.  I
    > assume it's the message asking users to accept the certificate, which
    > comes up when the certificate is not signed by a trusted authority.
    >
    > You say you "trusted all the certificates", another imprecise
    > statement.  Do you mean you went to each user's browser and instructed
    > it to trust the signing authority of the certificate?
    >
    > If not, that could explain the issue, assuming my assumption of what
    > you meant is correct.
    >
    > --
    > Lew


    Lew:

    Yes, pop-up message is for what you say. I did not go to each user's
    browser; instead when I was running java commands on web server to
    install certficates in a kety store which is used by Tomcat; java
    command asked me whether certificate is to be trusted.
    How does browser decides whether
    "certificate is not signed by a trusted authority". Is certifcate have
    to be installed in some place on user's PC. If yes where?

    THANKS A LOT.

    Prem
    zigzagdna, Oct 13, 2010
    #3
  4. zigzagdna

    Arne Vajhøj Guest

    On 13-10-2010 13:49, zigzagdna wrote:
    > Yes, pop-up message is for what you say. I did not go to each user's
    > browser; instead when I was running java commands on web server to
    > install certficates in a kety store which is used by Tomcat; java
    > command asked me whether certificate is to be trusted.
    > How does browser decides whether
    > "certificate is not signed by a trusted authority". Is certifcate have
    > to be installed in some place on user's PC. If yes where?


    This is a security feature.

    If a site claims to be java.sun.com and the certificate is
    signed by a company that the browser know, then there is no
    need to ask.

    If the browser does not know the signer of the certificate,
    then you get prompted.

    There are no way you can disable that server side. For
    obvious reasons otherwise the hackers would let their
    fake java.sun.com disable the check as well.

    You either need to buy a certificate from one of the
    known vendors or install the the signing certificate
    at each client PC.

    How depends on OS and browser.

    Arne
    Arne Vajhøj, Oct 14, 2010
    #4
  5. zigzagdna

    zigzagdna Guest

    On Oct 13, 7:57 pm, Arne Vajhøj <> wrote:
    > On 13-10-2010 13:49, zigzagdna wrote:
    >
    > > Yes, pop-up message is for what you say. I did not go to each user's
    > > browser; instead when I was running java commands  on web server to
    > > install certficates in a kety store which is used by Tomcat; java
    > > command asked me whether certificate is to be trusted.
    > > How does browser decides whether
    > > "certificate is not signed by a trusted authority". Is certifcate have
    > > to be installed in some place on user's PC. If yes where?

    >
    > This is a security feature.
    >
    > If a site claims to be java.sun.com and the certificate is
    > signed by a company that the browser know, then there is no
    > need to ask.
    >
    > If the browser does not know the signer of the certificate,
    > then you get prompted.
    >
    > There are no way you can disable that server side. For
    > obvious reasons otherwise the hackers would let their
    > fake java.sun.com disable the check as well.
    >
    > You either need to buy a certificate from one of the
    > known vendors or install the the signing certificate
    > at each client PC.
    >
    > How depends on OS and browser.
    >
    > Arne


    Arne:

    Thanks a lot. As alwyas you are extremely knowledagbale and your
    answers are very clear.
    zigzagdna, Oct 14, 2010
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Christos Gravvanis
    Replies:
    0
    Views:
    2,031
    Christos Gravvanis
    Jul 7, 2004
  2. twins
    Replies:
    1
    Views:
    5,831
  3. Marcin Cenkier
    Replies:
    1
    Views:
    5,386
    Marcin Cenkier
    Apr 12, 2006
  4. Andi
    Replies:
    5
    Views:
    1,317
  5. zigzagdna
    Replies:
    1
    Views:
    524
    Arne Vajhøj
    Jul 29, 2010
Loading...

Share This Page