Today I’ve been testing with an SSL certificate on a test server, running a smart-client.
This seems to be very critical when it comes to the CN name in the certificate and the actual server address.
As there might be more than 1 server involved, I was wondering whether or not a wildcard certificate can be used.
Consider the following situation:
2nd server with IP 10.1.0.6 with address ‘test.mydomain.com’ pointing to it
Would it be possible to have the wildcard certificate issued for mydomain.com?
Until now, whether I used a self-signed or an officially signed certificate for a slightly different domain, I got an error in the Java console telling me: ‘SSLPeerUnverifiedException: peer not authenticated’
I tested with a Comodo trial certificate (instantSSL.com), but this was bound to 1 specific domain (so no wildcard)
Although I trusted the certificate, the smart-client solution wouldn’t start, as Java claimed the connection address was different from the domain name in the certificate (which was true).
Also a self-signed certificate wouldn’t help much as Java found this still insecure.
Anyway: no startup possible
Jan Aleman:
The actual server address does not matter.
Agree: the actual server address doesn’t, the connection address to the server does…
If I install a certificate for myDomain.com and try to connect to localhost/servoy-webclient/mySolution.jnlp there’s no way to get it started.
Only myDomain.com/servoy-webclient/mySolution.jnlp will work.
Wildcard certificates will support any subdomain of the main domain name (*.myDomain.TLD).
By the way, there are also Unified Communications Certificates (UCC) where you can add multiple (different) domains to a certificate (test.myDomain.TLD, blah.myOtherDomain.TLD).
So depending on your need (and budget) you can choose either one.
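
The name check discussed in this thread, as an added example that is not part of the original posts and is not Java's own verifier code: a simplified RFC 6125-style match of the connection hostname against the DNS names in a certificate. The function names and the certificate name lists are constructed for illustration.

```python
# Added illustration: simplified RFC 6125-style hostname matching.
# The certificate name lists below are constructed sample data.

def name_matches(pattern: str, host: str) -> bool:
    """Match one certificate DNS name against the connection hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard stands for exactly one label
    if p_labels[0] == "*":
        # Wildcard is accepted only as the whole left-most label and only
        # when at least two fixed labels follow it (so "*.com" is refused).
        if len(p_labels) < 3 or "" in h_labels:
            return False
        return p_labels[1:] == h_labels[1:]
    if "*" in pattern:
        return False  # partial or non-left-most wildcards are refused here
    return p_labels == h_labels


def cert_covers(cert_names, host: str) -> bool:
    """True if any name in the certificate matches the connection hostname."""
    return any(name_matches(name, host) for name in cert_names)


# Constructed certificates: single-name, wildcard, and multi-domain (UCC/SAN).
SINGLE = ["mydomain.com"]
WILDCARD = ["*.mydomain.com"]
UCC = ["test.mydomain.tld", "blah.myotherdomain.tld"]


def coverage_table():
    """Return {(certificate label, host): covered} for the sample hosts."""
    hosts = ["mydomain.com", "test.mydomain.com",
             "a.test.mydomain.com", "localhost", "10.1.0.6"]
    certs = {"single": SINGLE, "wildcard": WILDCARD, "ucc": UCC}
    return {(label, h): cert_covers(names, h)
            for label, names in certs.items() for h in hosts}


if __name__ == "__main__":
    for (label, host), ok in coverage_table().items():
        print(f"{label:9} {host:22} {'match' if ok else 'MISMATCH'}")
```

The wildcard entry covers `test.mydomain.com` but not the bare `mydomain.com` or a deeper name such as `a.test.mydomain.com`, so a certificate that must serve both the bare domain and its subdomains needs both names listed.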