[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
Re: [platform-update-dev] Role Based Updates
|
Christophe Elek wrote:
Bob,
No problem
Thanks!
HTTPS relies on SSL which does the following handshake
1) client connects to HTTPS
2) Server sends server cert
3) client verifies cert against its truststore
It made sense right up to here.
optional
4) server asks for client cert
5) client sends cert
6) server verifies cert
Does somebody really want their cert sitting around on each client's
machine?
In the current implementation, all works fine if the server certificate is
signed by a trusted CA which appears in cacerts under the JDK (Verisign,
Thawte and maybe Equifax depending on your cacert)
Ok.
If you created your own certificate, the connection will fail miserably
until you manually add the server certificate in your client
This part I don't understand. But maybe your next paragraph means I
don't need to. ;-}
When you connect to a HTTPS server from a browser you can get a screen that
tells you (in a nutshell)
The certificate you are receiving is signed by <company>
You do not trust <company> do you want to trust it for this session, for
ever or decide to cancel
We can do the same <well, technically it is feasible>
Yes, it makes sense to do the same thing.
Bob
