• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • Ron McLeod
  • Jeanne Boyarsky
  • Paul Clapham
Sheriffs:
  • Liutauras Vilda
  • Henry Wong
  • Devaka Cooray
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Al Hobbs
  • Carey Brown
Bartenders:
  • Piet Souris
  • Mikalai Zaikin
  • Himai Minh

Java Security Certificate Doubt

 
Ranch Hand
Posts: 52
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am new to Java security. We have bought a verisign certificate for our comapny with this domain

*.mycomp.us.com

When I use this certificate on production site users dont get browser prompt for every page. the production URL is www.mycomp.us.com
But when I use this certificate on staging env (www.stg.mycomp.us.com:8443) then I get the IE popup message for security risk.

My doubt is : we have taken the certificate for *.mycomp.us.com so it should be valid for both urls. is this due to the port 8443 in the URL which is causing problem? If yes why?

Let me know your thoughts.


 
Ranch Hand
Posts: 176
Mac Chrome Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Although Java Security is a possible option, it's not often the best decision since it's not type-safe.
 
Ranch Hand
Posts: 378
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
What exactly is IE complaining about? That the hostnames do not match?

Have you tried using stg.mycomp.us.com instead of www.stg.mycomp.us.com for your staging server?
 
Marshal
Posts: 76107
362
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Sounds more difficult a question than we usually have on beginners'. Moving to the security forum.
 
Priyanka Dandekar
Ranch Hand
Posts: 52
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am attaching the security popup which I get, It says


This page contains both secure and non secure items.

Do you want to display the non secure items?

With 3 buttons [Yes] [No] [More Info]


Thanks Campbell for moving this to right forum, I tried searching through topics but didn't find security. had never thought it would be inside Engineering. Thanks again.
SecurityPopup.JPG
[Thumbnail for SecurityPopup.JPG]
 
Priyanka Dandekar
Ranch Hand
Posts: 52
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I think this should be a very common popup message faced on IE, does someone have idea why do I still get it if I have the certificate installed.
I am running the app on HTTPS port 8443
 
Ranch Hand
Posts: 220
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
See rfc2818. You only get to use one domain name component in place of the asterisk.
 
Ranch Hand
Posts: 225
Eclipse IDE Debian Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Have you tried Gamini Sirisena’s suggestion?

I normally come across that error when an image, CSS file, frame or script is loaded from a non-SSL server. Can you check whether all content on the page is secure?
 
Gamini Sirisena
Ranch Hand
Posts: 378
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
As far as I can see this has nothing to do with the certificate (SSL I presume).

This happens when a secure resource is requested and the resource contains both secure (https) and insecure (http) items in it.
 
Priyanka Dandekar
Ranch Hand
Posts: 52
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have same application on production where we are pointing to few iframes at http link but I dont see this popup on the prod site.

I can check for images as well but if its the "mix of HTTP and HTTPs" which is causing it then I should get this problem even for .css and .js files which we don't host on same https link.

Can you give more details on this? Why is http link with https not safe?

Sorry for the confusion, here are the prod and staging URL we are using

https://service1.us.mycomp.com/index.htm

https://service1stage.us.mycomp.com:8443/index.htm


*.us.mycomp.com is a Verisign supplied wildcard cert we have.


 
Priyanka Dandekar
Ranch Hand
Posts: 52
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks experts for your responses. This is resolved. It was not related to certificate.

But the solution was strange,

The <link href="" /> tags and <script src=""/> tags were used in this file in mixed order.

I moved all <link href="" /> tags on top of the page and it started working fine.

Still dont have a clue why this would happen. I still have these link tags pointing to http links and also have script tags pointing to JS files in http links.

Any idea what could be the reason?
 
reply
    Bookmark Topic Watch Topic
  • New Topic