
SSL certificate error for hostname mismatch?

Jimmy Ho
Ranch Hand

Joined: Jul 31, 2007
Posts: 61

I'm new to SSL, and I want this to work without any pop-ups about bad certificates, using pure socket programming.

Right now, I have to deploy a single self-signed SSL certificate to several hundred systems (set A) and then store them as trusted certificates on another several hundred systems (set B) that are paired up. For a gazillion reasons due to maintenance budget, project budget, and this being on our internal mostly-secure network, we're going to use the same SSL certificate for every A-B server pair.

Sooooo, this means that the "common name" or "dn" or whatever won't have the fully qualified hostname ( because the same cert is on multiple servers. I heard that sometimes there'll be a pop-up on some systems stating the server name in the cert doesn't match the server's actual hostname, or whatever.

The server side is a Java program. The client side is a C program. Using SSL sockets. Will there be a problem? If so, how hard is it to write a script to change that common name in the cert for each server? I'm on a tight timeline and this isn't some hugely robust enterprise-grade app. It just needs to do a simple LDAP relay between the LDAP server and the client.

