what is self signed certificates ?

 
Ranch Hand
Posts: 602
Hi,

I went through the link below:

https://docs.oracle.com/cd/E19879-01/819-3669/bnbyb/index.html

and there is this part which completely baffled me:

If your server certificate is self-signed, you must install it in the Application Server keystore file (keystore.jks). If your client certificate is self-signed, you should install it in the Application Server truststore file (cacerts.jks).



Can someone explain what a self-signed certificate is? Will installing it at the server end do? I will be using Tomcat and will most likely try Amazon for hosting.

Thanks.
 
Saloon Keeper
Posts: 6454
Yes, it's a certificate you create yourself. See https://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html#Prepare_the_Certificate_Keystore for how to use Java's keytool executable for that.
 
Saloon Keeper
Posts: 22126
Every SSL security cert has to be digitally signed before it is usable. Certs are based on a "chain of trust", where each cert in the chain is vouched for by the next one until finally you reach the end of the chain - or, if you prefer, the top of the tree. There's a dozen or so master certs hard-coded into pretty much every SSL application.

So, for example, your cert may carry the signature of "Fred's Internet Services, LLC", and Fred may be vouched for by Google.com. The Java keytool application that Tim Moores mentioned can display the entire chain.

To get a cert signed, you have to submit a Certificate Signing Request (CSR) to an authorized registrar. The registrar will return to you a signed cert, which you would then install into whatever application(s) use it.

If you use a self-signed cert you're basically saying "Trust Me! I'm who I say I am". Which is fine when you just need SSL in-house or with people who know you, but you shouldn't accept self-signed cert verification from strangers.
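
The distinction drawn in the answers above, as an added example that is not part of any post: it creates one self-signed certificate and one signed by another key, then checks which is self-signed and which trust file accepts it. It assumes the openssl command line is installed (the thread itself only mentions keytool), and every name and certificate in it is a constructed throwaway.

```sh
#!/bin/sh
# Added example. All names and certificates are constructed throwaways.
set -eu

# new_self_signed <basename> <CN>: the new key signs its own certificate.
new_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# new_signed <basename> <CN> <issuer-basename>: make a signing request (CSR),
# then have the issuer's key sign it, as a registrar would.
new_signed() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
    openssl x509 -req -in "$1.csr" -CA "$3.pem" -CAkey "$3.key" \
        -CAcreateserial -days 1 -out "$1.pem" 2>/dev/null
}

# Self-signed means: issuer name equals subject name AND the signature
# verifies with the certificate's own public key.
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject=//')
    iss=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer=//')
    [ "$subj" = "$iss" ] || return 1
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# trusted_by <trust-file> <cert>: does <cert> chain to a cert in <trust-file>?
trusted_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d)
    new_self_signed "$d/inhouse" "inhouse.example.test"
    new_self_signed "$d/stranger" "stranger.example.test"
    new_signed "$d/leaf" "leaf.example.test" "$d/inhouse"
    for c in inhouse leaf; do
        is_self_signed "$d/$c.pem" && echo "$c: self-signed" || echo "$c: signed by another cert"
    done
    trusted_by "$d/inhouse.pem" "$d/leaf.pem" && echo "leaf: trusted via inhouse"
    trusted_by "$d/stranger.pem" "$d/inhouse.pem" || echo "inhouse: rejected where it was never installed"
    rm -rf "$d"
}
demo
```

The last check is the reason the quoted Oracle text has you install a self-signed certificate into the other side's truststore: nothing else vouches for it.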
 