Posted to users@tomcat.apache.org by "Furman, Mark" <ma...@lmco.com> on 2009/02/17 20:26:18 UTC

Expired Self-Signed Certificates?

We have noticed that our expired self-signed certificates are still
functioning with no error messages.  When using self-signed certificates
with Tomcat 6, are the expiration dates valid?  

Re: Expired Self-Signed Certificates?

Posted by Christopher Schultz <ch...@christopherschultz.net>.
Mark,

On 2/17/2009 3:03 PM, Furman, Mark wrote:
> Thanks Serge.  I believe that answers my question. 

Note that, if your client app is Java-based, the Java HTTPS provider
will do all that checking for you, and should be complaining about the
non-validity of the SSL certificate.

-chris


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


RE: Expired Self-Signed Certificates?

Posted by "Furman, Mark" <ma...@lmco.com>.
Thanks Serge.  I believe that answers my question. 

-----Original Message-----
From: Serge Fonville [mailto:serge.fonville@gmail.com] 
Sent: Tuesday, February 17, 2009 2:56 PM
To: Tomcat Users List
Subject: Re: Expired Self-Signed Certificates?

> Our application is using a SSL connection to communicate with Tomcat.
> If we were using a browser I might expect to see a "connection denied"
> response or an invalid certificate message in the Tomcat logs.

SSL does not allow or deny connections by itself, it's just a means to
verify the validity of the connecting party. It is up to the implementation
to verify if the certificate is valid.
SSL operates on top of IP and encrypts all traffic; whether the other party
is trustworthy is up to the application that is setting up the connection to
determine. Certificates are a means to verify the other party is who they
say they are by means of acknowledgement of a recognized authority.
If you want your application to deny the connection if the certificate is
expired, the application must be written to do so.

Hope this helps,

Serge Fonville




Re: Expired Self-Signed Certificates?

Posted by Serge Fonville <se...@gmail.com>.
> Our application is using a SSL connection to communicate with Tomcat.
> If we were using a browser I might expect to see a "connection denied"
> response or an invalid certificate message in the Tomcat logs.

SSL does not allow or deny connections by itself, it's just a means to
verify the validity of the connecting party. It is up to the implementation
to verify if the certificate is valid.
SSL operates on top of IP and encrypts all traffic; whether the other party
is trustworthy is up to the application that is setting up the connection to
determine. Certificates are a means to verify the other party is who they
say they are by means of acknowledgement of a recognized authority.
If you want your application to deny the connection if the certificate is
expired, the application must be written to do so.

Hope this helps,

Serge Fonville
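
What the replies in this thread describe, as an added example that is not part of the original messages: a Java client that trusts one pinned self-signed certificate and refuses it once it is outside its validity period. The class names, the certificate path and the URL arguments are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.cert.*;
import javax.net.ssl.*;

public class PinnedCertClient {
    /** Trusts exactly one pinned certificate, and only inside its validity period. */
    static final class PinnedTrustManager implements X509TrustManager {
        private final X509Certificate pinned;
        PinnedTrustManager(X509Certificate pinned) { this.pinned = pinned; }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            if (chain == null || chain.length == 0) {
                throw new CertificateException("server sent no certificate");
            }
            // Throws CertificateExpiredException / CertificateNotYetValidException
            // when the current time is outside notBefore..notAfter.
            chain[0].checkValidity();
            if (!chain[0].equals(pinned)) {
                throw new CertificateException("server certificate is not the pinned one");
            }
        }

        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            throw new CertificateException("client certificates are not accepted here");
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    }

    // args[0]: path to the pinned certificate (PEM or DER); args[1]: https:// URL (both assumed).
    public static void main(String[] args) throws Exception {
        X509Certificate pinned;
        try (InputStream in = new FileInputStream(args[0])) {
            pinned = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { new PinnedTrustManager(pinned) }, null);
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[1]).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        System.out.println("HTTP " + conn.getResponseCode()); // handshake fails if expired
    }
}
```

With an expired certificate the handshake aborts with an `SSLHandshakeException` whose cause is the `CertificateExpiredException`, so the failure shows up in the client, not in the Tomcat logs.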



RE: Expired Self-Signed Certificates?

Posted by "Furman, Mark" <ma...@lmco.com>.
Our application is using a SSL connection to communicate with Tomcat.
If we were using a browser I might expect to see a "connection denied"
response or an invalid certificate message in the Tomcat logs. 

R/
Mark

-----Original Message-----
From: Serge Fonville [mailto:serge.fonville@gmail.com] 
Sent: Tuesday, February 17, 2009 2:41 PM
To: Tomcat Users List
Subject: Re: Expired Self-Signed Certificates?

Hi,

> We have noticed that our expired self-signed certificates are still
> functioning with no error messages.

What error messages would you expect? Is there nothing displayed prior to
showing the page?

Regards,

Serge Fonville



Re: Expired Self-Signed Certificates?

Posted by Serge Fonville <se...@gmail.com>.
Hi,

> We have noticed that our expired self-signed certificates are still
> functioning with no error messages.

What error messages would you expect? Is there nothing displayed prior to
showing the page?

Regards,

Serge Fonville