Saurabh Kumar Vaidya

Reputation: 41

Trusted SSL With Self Sign Certificate In Tomcat Server Without Importing Certificate In Browser

My application is running on an intranet on a Tomcat server. I am able to run my application over HTTPS, but with a warning (The security certificate presented by this website was not issued by a trusted certificate authority); also, the https symbol is crossed out in red.
How can we have trusted SSL with a self-signed certificate in a Tomcat server without the pain of importing the certificate in the browser?

Upvotes: 0

Views: 848

Answers (3)

Brian Adams

Reputation: 11

Any browser confirms the items listed below before marking a website/URL secure:

  1. Match the base DNS with that of the certificate CN (note that the port number doesn't come into the picture in this case). For example, if you are accessing https://example.com:8445/something, the certificate CN should be "example.com".

  2. The self-signed certificate has to be imported into the respective trust store (Root Certification Authorities) of the system.

  3. The certificate must have a SAN (Subject Alternative Name) that matches the DNS. With respect to the previous example, the certificate must have at least one SAN equivalent to "example.com". This is a must, and most folks miss this point and cannot understand why the browser doesn't trust the certificate.

The free way to establish trust in the browser for internal applications

Now, all of the above 3 criteria cannot be met unless the certificate is signed by a CA. However, there is an easy way. Go to https://freesslcert.org/ to receive a completely free 1-year certificate with all the above criteria incorporated. Follow the steps mentioned in https://freesslcert.org/trust-freesslcert-in-browser and you are all set.

Paid solution for external websites

You can spend some dollars to get a certificate from one of the CAs, as mentioned here: https://freesslcert.org/get-cert

Upvotes: 0
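
The name-matching criteria from the answer above (points 1 and 3), as an added example that is not part of the original answer: it takes a certificate in the dict shape Python's `ssl.SSLSocket.getpeercert()` returns and reports whether a URL's host is covered by a SAN. The sample certificates are constructed, the IP-address branch goes beyond the DNS case the answer describes, and point 2 (the trust store) is not modelled.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed samples, shaped like the dict ssl.SSLSocket.getpeercert() returns.
CN_ONLY = {"subject": ((("commonName", "example.com"),),)}
WITH_SAN = {
    "subject": ((("commonName", "example.com"),),),
    "subjectAltName": (("DNS", "example.com"),
                       ("DNS", "*.intra.example.com"),
                       ("IP Address", "10.0.0.5")),
}

def dns_name_matches(pattern, host):
    """Compare one DNS SAN with the host; '*' counts only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Require at least two fixed labels so "*.com" never matches.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def name_check(url, cert):
    """Return (ok, reason) for the name-matching step only; trust is a separate check."""
    host = urlsplit(url).hostname  # the port is dropped and plays no part in the match
    san = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # An address typed into the URL bar must appear as an IP SAN, not a DNS SAN.
        ok = any(k == "IP Address" and ipaddress.ip_address(v) == ip for k, v in san)
        return ok, ("IP SAN matches" if ok else "no IP Address SAN for " + host)
    dns = [v for k, v in san if k == "DNS"]
    if not dns:
        return False, "no DNS SAN present (the CN alone is not enough)"
    for pattern in dns:
        if dns_name_matches(pattern, host):
            return True, "DNS SAN %s matches" % pattern
    return False, "no DNS SAN matches " + host

if __name__ == "__main__":
    for url in ("https://example.com:8445/something", "https://10.0.0.5:8443/"):
        print(url, name_check(url, WITH_SAN), name_check(url, CN_ONLY))
```

To run it against a live intranet server, pass the dict from `getpeercert()` on a connected `ssl.SSLSocket` in place of the constructed samples.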

Steffen Ullrich

Reputation: 123340

How we can have trusted SSL with self sign certificate in tomcat server without pain of importing certificate in browser?

You can't. Self-signed is not trusted by default (where should the trust come from?) and thus you cannot expect the browser to trust it without telling the browser that it can trust it (by importing). Trust is a relationship and can not simply emerge from nowhere.

Upvotes: 1

Akash Yadav

Reputation: 2421

The warning states that the certificate is valid but the browser doesn't trust the authority issuing the certificate. The only way is to configure the browser to ignore the untrusted CA issues, or to trust the organization, in this case you.

Alternatively, the recommended way is to get a certificate issued from one of the CA authorities (Verisign, GoDaddy, etc.).

Upvotes: 0
