What is a self-signed certificate?

Ranch Hand

I went through the below link:

and there is this part which completely baffled me:

If your server certificate is self-signed, you must install it in the Application Server keystore file (keystore.jks). If your client certificate is self-signed, you should install it in the Application Server truststore file (cacerts.jks).

Can someone explain what a self-signed certificate is? Do I need to install it at server end will do? I will be using Tomcat and most likely try Amazon for hosting.

Saloon Keeper
Yes, it's a certificate you create yourself. See for how to use Java's keytool executable for that.
Saloon Keeper
Every SSL security cert has to be digitally signed before it is usable. Certs are based on a "chain of trust", where each cert in the chain is vouched for by the next one until finally you reach the end of the chain - or, if you prefer, the top of the tree. There's a dozen or so master certs hard-coded into pretty much every SSL application.

So, for example, your cert may carry the signature of "Fred's Internet Services, LLC", and Fred may be vouched for by The Java keytool application that Tim Moores mentioned can display the entire chain.

To get a cert signed, you have to submit a Certificate Signing Request (CSA) to an authorized registrar. The registrar will return to you a signed cert, which you would then install into whatever application(s) use it.

If you use a self-signed cert you're basically saying "Trust Me! I'm who I say I am". Which is fine when you just need SSL in-house or with people who know you, but you shouldn't accept self-signed cert verification from strangers.
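
Added example, not part of any post in this thread: a shell sketch of the keystore/truststore split from the quoted documentation, using `keytool` to create a self-signed server certificate and show that its owner and issuer are the same name. The alias, distinguished name, `changeit` password and `truststore.jks` file name are constructed for illustration.

```shell
#!/bin/sh
# All names, passwords and paths below are constructed sample values.
KT="keytool -J-Duser.language=en"   # force English labels for parsing

# make_self_signed DIR
# Creates DIR/keystore.jks (private key + self-signed cert, server side),
# exports the public cert to DIR/server.pem, and imports it into
# DIR/truststore.jks (what a peer needs in order to trust the server).
make_self_signed() {
    dir=$1
    # -genkeypair wraps the new public key in a certificate signed by its
    # own private key, so no outside authority vouches for it.
    $KT -genkeypair -alias server -keyalg RSA -keysize 2048 \
        -dname "CN=localhost, O=Constructed Example" -validity 30 \
        -keystore "$dir/keystore.jks" \
        -storepass changeit -keypass changeit >/dev/null 2>&1 || return 1
    # Export only the certificate; the private key stays in the keystore.
    $KT -exportcert -alias server -rfc -file "$dir/server.pem" \
        -keystore "$dir/keystore.jks" -storepass changeit \
        >/dev/null 2>&1 || return 1
    # -noprompt skips the "Trust this certificate?" question; only use it
    # after checking the fingerprint through a separate channel.
    $KT -importcert -noprompt -alias server -file "$dir/server.pem" \
        -keystore "$dir/truststore.jks" -storepass changeit \
        >/dev/null 2>&1 || return 1
}

# is_self_signed PEMFILE
# Succeeds when the Owner (subject) and Issuer names match. This is a name
# comparison only; it does not verify the signature itself.
is_self_signed() {
    out=$($KT -printcert -file "$1") || return 2
    owner=$(printf '%s\n' "$out" | sed -n 's/^Owner: //p' | head -n 1)
    issuer=$(printf '%s\n' "$out" | sed -n 's/^Issuer: //p' | head -n 1)
    [ -n "$owner" ] && [ "$owner" = "$issuer" ]
}
```

A certificate returned by a registrar would fail `is_self_signed`, because its issuer is the signing authority rather than the owner.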