[ale] Certificate SigningRe: [ale] Certificate Signing

cfowler cfowler at outpostsentinel.com
Thu Jan 16 22:25:27 EST 2003



Where I'm confused is where each key is verified via the hostname.  Is this
correct?  Since 1000 units can have the same stunnel.pem, each one  will have
a unique IP and hostname.  Will this cause and issue?




On 12/31/1969, "Jason Day" <jasonday at worldnet.att.net> wrote:

>On Thu, Jan 16, 2003 at 11:36:20PM +0000, cfowler wrote:
>> We have a software package that ahs the file 'stunnel.pem' on it.  I
generated
>> this certificate then placed it in the software package.  The embedded
device
>> has *no* capablity to generate certificates.  So the *same* stunnel.pem
file
>> is distributed among 1000 units.  If you used cat on unit one and cat on
unit
>> 1000 they would look the same.  How do I sign this file so that Java and
my
>> web browser do not complain when they connect?
>
>You have to pay a CA like Verisign or Thawte to sign it for you.  It's
>been several years since I've needed a certificate signed, but it would
>run about $100 a few years ago, not sure what it costs now.
>
>You can, of course, tell your browser to stop complaining, but you have
>to do that for each client.
>
>As for Java, I assume you are using JSSE?  You can use keytool (comes
>with JDK, but not JRE) to import your certificate and tell java to trust
>it.  Just import the certificate into a file called jssecacerts and put
>that file in your jre/lib/security directory.  Even then, you will still
>have to do a little coding to make JSSE behave.  I can send you a
>snippet later if it will help.
>
>Jason
>--
>Jason Day                                       jasonday at
>http://jasonday.home.att.net                    worldnet dot att dot net
>
>"Of course I'm paranoid, everyone is trying to kill me."
>    -- Weyoun-6, Star Trek: Deep Space 9
>_______________________________________________
>Ale mailing list
>Ale at ale.org
>http://www.ale.org/mailman/listinfo/ale
>
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale






More information about the Ale mailing list