What is a self-signed certificate?

 
Ranch Hand
Posts: 834
Hi,

I went through the link below:

https://docs.oracle.com/cd/E19879-01/819-3669/bnbyb/index.html

and there is this part which completely baffled me:

If your server certificate is self-signed, you must install it in the Application Server keystore file (keystore.jks). If your client certificate is self-signed, you should install it in the Application Server truststore file (cacerts.jks).

Can someone explain what a self-signed certificate is? Do I need to install it? Will installing it at the server end do? I will be using Tomcat and most likely try Amazon for hosting.

Thanks.
 
Saloon Keeper
Posts: 7165
  • Likes 1
Yes, it's a certificate you create yourself. See https://tomcat.apache.org/tomcat-8.5-doc/ssl-howto.html#Prepare_the_Certificate_Keystore for how to use Java's keytool executable for that.
 
Saloon Keeper
Posts: 24510
Every SSL security cert has to be digitally signed before it is usable. Certs are based on a "chain of trust", where each cert in the chain is vouched for by the next one until finally you reach the end of the chain - or, if you prefer, the top of the tree. There are a dozen or so master certs hard-coded into pretty much every SSL application.

So, for example, your cert may carry the signature of "Fred's Internet Services, LLC", and Fred may be vouched for by Google.com. The Java keytool application that Tim Moores mentioned can display the entire chain.

To get a cert signed, you have to submit a Certificate Signing Request (CSA) to an authorized registrar. The registrar will return to you a signed cert, which you would then install into whatever application(s) use it.

If you use a self-signed cert you're basically saying "Trust Me! I'm who I say I am". Which is fine when you just need SSL in-house or with people who know you, but you shouldn't accept self-signed cert verification from strangers.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
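The following script is an added example for this thread, not code from either reply, from the Oracle page or from the Tomcat docs. It walks through the keytool workflow the first reply points to and makes the second reply's "chain of trust" point concrete: it generates a self-signed cert into a keystore (the store the server presents from), checks that the cert's Issuer equals its Owner, which is exactly what "self-signed" means, shows that keytool records it as a chain of length one, and then imports the exported cert into a separate truststore (the store the verifying side consults), which is the "install it in cacerts.jks" step from the quoted Oracle sentence. The issuer/owner and chain-length checks work for any alias, not just a self-signed one, so the script also shows how to inspect a CA-signed cert. It assumes a JDK keytool on PATH; the alias, subject name, password and file paths are made-up placeholder values.

```shell
#!/bin/sh
# Added example for this thread (not code from the original posts or from the
# Oracle/Tomcat docs): create a self-signed cert with the JDK keytool, then show
# the two stores the Oracle sentence refers to. Assumes a JDK keytool on PATH;
# alias, password, subject name and file paths are made-up placeholder values.
set -eu

# Without keytool there is nothing to demonstrate; say so and stop.
command -v keytool >/dev/null 2>&1 || { echo "keytool not on PATH (install a JDK)" >&2; exit 0; }

WORK="${WORK:-$(mktemp -d)}"
KEYSTORE="$WORK/keystore.jks"   # server side: private key plus the cert Tomcat presents
TRUSTSTORE="$WORK/cacerts.jks"  # verifying side: certs (or CAs) the client agrees to trust
CERT="$WORK/tomcat.cer"         # the public certificate exported from the keystore
STOREPASS=changeit              # placeholder password
ALIAS=tomcat                    # placeholder alias

# 1. Generate a key pair and a certificate signed with its own private key.
#    Skips the work if the keystore already exists so the script can be re-run.
make_self_signed() {
  [ -f "$KEYSTORE" ] && return 0
  keytool -genkeypair -alias "$ALIAS" -keyalg RSA -keysize 2048 -validity 365 \
    -dname "CN=localhost, OU=Example, O=Example, C=US" \
    -keystore "$KEYSTORE" -storepass "$STOREPASS" -keypass "$STOREPASS" 2>/dev/null
}

# 2. Export only the certificate (never the private key) so it can be handed
#    to the side that must verify the server.
export_cert() {
  keytool -exportcert -rfc -alias "$ALIAS" -keystore "$KEYSTORE" \
    -storepass "$STOREPASS" -file "$CERT" 2>/dev/null
}

# A certificate is self-signed when its Issuer name equals its Owner (subject)
# name: nobody else vouched for it. Exit status 0 means "yes, self-signed".
issuer_equals_subject() {
  keytool -printcert -file "$1" 2>/dev/null | awk '
    /^Owner:/  { sub(/^Owner: */,  ""); owner  = $0 }
    /^Issuer:/ { sub(/^Issuer: */, ""); issuer = $0 }
    END { exit (owner != "" && owner == issuer) ? 0 : 1 }'
}

# The chain keytool stores for the alias; a self-signed cert is a chain of one,
# a CA-signed cert shows the intermediates and root stacked above it.
chain_length() {
  keytool -list -v -alias "$ALIAS" -keystore "$KEYSTORE" -storepass "$STOREPASS" 2>/dev/null \
    | sed -n 's/^Certificate chain length: *//p'
}

# 3. Trusting a self-signed cert means importing it into the verifying side's
#    truststore; it is stored as a trustedCertEntry, with no private key.
trust_cert() {
  [ -f "$TRUSTSTORE" ] && return 0
  keytool -importcert -noprompt -alias "$ALIAS" -file "$CERT" \
    -keystore "$TRUSTSTORE" -storepass "$STOREPASS" 2>/dev/null
}

trusted_entries() {
  keytool -list -keystore "$TRUSTSTORE" -storepass "$STOREPASS" 2>/dev/null \
    | grep -c trustedCertEntry
}

demo() {
  make_self_signed
  export_cert
  if issuer_equals_subject "$CERT"; then
    echo "$CERT is self-signed (issuer == subject); chain length $(chain_length)"
  fi
  trust_cert
  echo "$TRUSTSTORE now holds $(trusted_entries) trusted certificate(s)"
  echo "keystore (server): $KEYSTORE   truststore (client): $TRUSTSTORE"
}

demo
```

Run it as a plain script; it creates its own scratch directory (or uses `WORK` if you set one). The split matters in practice: the keystore holds the private key and stays on the server, while only the exported `.cer` goes into a client's truststore. A Java client (or a browser) that does not have the cert in its truststore has no chain back to anything it trusts and will reject the connection, which is the "Trust Me!" problem from the second reply and why a self-signed cert is only workable for in-house use.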