• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • Liutauras Vilda
  • Jeanne Boyarsky
  • paul wheaton
Sheriffs:
  • Ron McLeod
  • Devaka Cooray
  • Henry Wong
Saloon Keepers:
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
  • Tim Moores
  • Mikalai Zaikin
Bartenders:
  • Frits Walraven

Correct CN for the SSL Certificate for HTTPS Configuration

 
Greenhorn
Posts: 20
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I don't know if this is the correct forum to ask if someone thinks I should post in another forum let me know.

I'm using Weblogic 10.3 and in the development environment I have configured the HTTPS with a certificate issued to the FQDN of the host in the internal network, that is my certificate CN is hostname.organzation-name.local. For development purposes this is perfect and from the internal network we can use the website without problems.

No I'll have to configure the HTTPS for the Production server that is access from the Internet. I think the network people have a NAT Firewall. I'm not sure what they're using, but I'm almost sure it is not a HTTP Web Server in front of the Application Server and the external users access the application with an external IP. If I ask for a certificate issued to the internal FQDN or internal IP and install it in Weblogic the internal applications would be able to verify the identity of my server, but when a user connects using the web browser he/she will receive an error from the browser that the certificate does not match the address entered.

What should I do to prevent this? Should I request a certificate alternate subjects and include the external IP as an alternate subject or should I have different certificates? If I need to have different certificates how would I configure this in Weblogic?

Thanks.
 
Bartender
Posts: 6663
5
MyEclipse IDE Firefox Browser Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If the clients are external, what prevents your organization (org) from associating a domain name / CNAME to the IP in question ? You can then create a self signed certificate bound to that domain name.

The certificate will be invalid to begin with since it is self signed. If it is not self signed no warning will be displayed.

[EDIT] You may also want to ask your org if the certificate will be installed on a web server / application server. That will give you an idea on which paths of the traffic are encrypted.

PS: I will move this to "general computing" for you
 
Don't sweat petty things, or pet sweaty things. But cuddle this tiny ad:
Gift giving made easy with the permaculture playing cards
https://coderanch.com/t/777758/Gift-giving-easy-permaculture-playing
reply
    Bookmark Topic Watch Topic
  • New Topic