Hey guys,
I've been successful using a self-signed certificate in a non-deployed environment.
This past week, we've moved to a CA-certified, self-signed certificate, and have active encryption but no authorization to go to the website.
Both FireFox and Internet Explorer stop the load and display 'This website cannot be displayed.'
Apparently, this is due to the 'This website does not supply ownership information.' error. There appears to no longer be a way to actually permit exceptions in the browsers.
Comodo was the first choice, but seeking a sub-domain (subdomain.domain.com) CA cert, we moved to GoDaddy. Apparently, Comodo DOES provide them, but we were told that they did not by their support in India...
GoDaddy is not in the list of CA providers for JAVA installations. So, four iterations of Certificate Signing Requests later, received confirmation through https://htbridge.com/ssl that there is indeed an SSL handshake, agreement and a lunch date. This is one of few sites which can verify non-standard SSL ports. The website passed all that, except HIIPA certs which require > 2048 bit keys. I could, but won't.
There are (now) a number of certficate stores on the Windows (7.4.8 Servoy) installation, and cacerts, ~/.keystore, mykeystore.ks, keystore2.ks, keystore3.ks... you get the drift. There was a lot of testing. Scratch that, a lot of thrashing.
In the final pass, this last error seems insurmountable for quite a few FireFox and Internet Explorer users. (I don't feel the need to go Chrome, etc) And was unable to return to the self-signed, non-CA-ified SSL cert that worked well enough a few days ago. And this is just testing the https://servoyServer:8443/servoy-admin page.
So have those who have been successful, what works?
Does anyone use GoDaddy?
Having read the wiki.servoy stuff, there is http://www.instantssl.com, etc. Does anyone use these guys?
Did anyone have to revert to port 443 to comply with how the big boys want it done?
Ugh.
Thanks,
--Joe.