Correct CN for the SSL Certificate for HTTPS Configuration

Posts: 20
I don't know if this is the correct forum to ask; if someone thinks I should post in another forum, let me know.

I'm using WebLogic 10.3, and in the development environment I have configured HTTPS with a certificate issued to the FQDN of the host in the internal network; that is, my certificate CN is hostname.organzation-name.local. For development purposes this is perfect, and from the internal network we can use the website without problems.

Now I'll have to configure HTTPS for the Production server, which is accessed from the Internet. I think the network people have a NAT firewall. I'm not sure what they're using, but I'm almost sure it is not an HTTP web server in front of the application server, and the external users access the application with an external IP. If I ask for a certificate issued to the internal FQDN or internal IP and install it in WebLogic, the internal applications would be able to verify the identity of my server, but when a user connects using the web browser he/she will receive an error from the browser that the certificate does not match the address entered.

What should I do to prevent this? Should I request a certificate with alternate subjects and include the external IP as an alternate subject, or should I have different certificates? If I need to have different certificates, how would I configure this in WebLogic?

Posts: 6663
If the clients are external, what prevents your organization (org) from associating a domain name / CNAME to the IP in question? You can then create a self-signed certificate bound to that domain name.

The certificate will be invalid to begin with since it is self-signed. If it is not self-signed, no warning will be displayed.

[EDIT] You may also want to ask your org if the certificate will be installed on a web server / application server. That will give you an idea on which paths of the traffic are encrypted.

PS: I will move this to "general computing" for you
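
The name check behind the browser error described in this thread, as an added example that is not part of either post: it applies simplified RFC 6125-style matching to certificates in the dict layout returned by Python's `ssl.SSLSocket.getpeercert()`. The host names, the IP address and both certificates are constructed for illustration.

```python
import ipaddress

def _dns_match(pattern, host):
    """Case-insensitive match; '*' is honoured only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # a wildcard covers exactly one label and never a bare TLD ("*.com")
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_matches(cert, target):
    """True if `target` (the name or IP the client connected to) is covered."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        # an IP literal matches only "IP Address" SAN entries, never a DNS name or CN
        return any(k == "IP Address" and ipaddress.ip_address(v) == ip
                   for k, v in sans)
    dns = [v for k, v in sans if k == "DNS"]
    if dns:
        # once DNS SAN entries exist, the subject CN is ignored
        return any(_dns_match(d, target) for d in dns)
    # legacy CN fallback, kept for illustration; current browsers require a SAN
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn
           if k == "commonName"]
    return any(_dns_match(c, target) for c in cns)

# Constructed sample certificates (not taken from the thread)
INTERNAL_ONLY = {"subject": ((("commonName", "app01.corp.local"),),)}
MULTI_SAN = {
    "subject": ((("commonName", "app.example.com"),),),
    "subjectAltName": (("DNS", "app.example.com"),
                       ("DNS", "app01.corp.local"),
                       ("IP Address", "203.0.113.10")),
}
TARGETS = ("app01.corp.local", "app.example.com", "203.0.113.10")

def coverage(cert):
    """Map each constructed target to whether the certificate covers it."""
    return {t: cert_matches(cert, t) for t in TARGETS}

if __name__ == "__main__":
    for label, cert in (("internal-only", INTERNAL_ONLY), ("multi-SAN", MULTI_SAN)):
        print(label, coverage(cert))
```
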