
SSL certificate error for hostname mismatch?

 
Jimmy Ho
Ranch Hand
Posts: 61

I'm new to SSL, and I want this to work without any pop-ups about bad certificates, using pure socket programming.

Right now, I have to deploy a single self-signed SSL certificate to several hundred systems (set A) and then store them as trusted certificates on another several hundred systems (set B) that are paired up. For a gazillion reasons due to maintenance budget, project budget, and this being on our internal mostly-secure network, we're going to use the same SSL certificate for every A-B server pair.

Sooooo, this means that the "common name" or "dn" or whatever won't have the fully qualified hostname (myserverA1.mycomp.com) because the same cert is on multiple servers. I heard that sometimes there'll be a pop-up on some systems stating the server name in the cert doesn't match the server's actual hostname, or whatever.

The server side is a Java program. The client side is a C program. Using SSL sockets. Will there be a problem? If so, how hard is it to write a script to change that common name in the cert for each server? I'm on a tight timeline and this isn't some hugely robust enterprise-grade app. It just needs to do a simple LDAP relay between the LDAP server and the client.

Thanks!

 