This week's book giveaway is in the OCAJP 8 forum. We're giving away four copies of OCA Java SE 8 Programmer I Study Guide and have Edward Finegan & Robert Liguori on-line! See this thread for details.
I'm new to SSL, and I want this to work without any pop-ups about bad certificates, using pure socket programming.
Right now, I have to deploy a single self-signed SSL certificate to several hundred systems (set A) and then store them as trusted certificates on another several hundred systems (set B) that are paired up. For a gazillion reasons due to maintenance budget, project budget, and this being on our internal mostly-secure network, we're going to use the same SSL certificate for every A-B server pair.
Sooooo, this means that the "common name" or "dn" or whatever won't have the fully qualified hostname (myserverA1.mycomp.com) because the same cert is on multiple servers. I heard that sometimes there'll be a pop-up on some systems stating the server name in the cert doesn't match the server's actual hostname, or whatever.
The server side is a Java program. The client side is a C program. Using SSL sockets. Will there be a problem? If so, how hard is it to write a script to change that common name in the cert for each server? I'm on a tight timeline and this isn't some hugely robust enteprise-grade app. It just needs to do a simple LDAP relay between the LDAP server and the client.