I am using Apache Tomcat 6. I have setup an https site by installing
some certificates. When  I enter https  url a pop-up message comes
showing the certificate. Is there a way to prevent this pop-up message
because it is annoying to users. We are in an intranet and primary
purpose is to encrypt passwords, data etc sent over the network.

I have seen some other websites using https where the pop-up message
does not come. When I installed certificates in certificate store
using java command I trusted all the certificates, so do not know why
popup-up message comes.


Thanks a lot.

On Oct 13, 12:17=A0pm, zigzagdna <zigzag...@yahoo.com> wrote:
> I am using Apache Tomcat 6. I have setup an https site by installing
> some certificates. When =A0I enter https =A0url a pop-up message comes
> showing the certificate. Is there a way to prevent this pop-up message
> because it is annoying to users. We are in an intranet and primary
> purpose is to encrypt passwords, data etc sent over the network.
>
> I have seen some other websites using https where the pop-up message
> does not come. When I installed certificates in certificate store
> using java command I trusted all the certificates, so do not know why
> popup-up message comes.
>

"A pop-up message ... showing the certificate" is a tad imprecise.  I
assume it's the message asking users to accept the certificate, which
comes up when the certificate is not signed by a trusted authority.

You say you "trusted all the certificates", another imprecise
statement.  Do you mean you went to each user's browser and instructed
it to trust the signing authority of the certificate?

If not, that could explain the issue, assuming my assumption of what
you meant is correct.

--
Lew

On Oct 13, 12:47=A0pm, Lew <l...@lewscanon.com> wrote:
> On Oct 13, 12:17=A0pm, zigzagdna <zigzag...@yahoo.com> wrote:
>
> > I am using Apache Tomcat 6. I have setup an https site by installing
> > some certificates. When =A0I enter https =A0url a pop-up message comes
> > showing the certificate. Is there a way to prevent this pop-up message
> > because it is annoying to users. We are in an intranet and primary
> > purpose is to encrypt passwords, data etc sent over the network.
>
> > I have seen some other websites using https where the pop-up message
> > does not come. When I installed certificates in certificate store
> > using java command I trusted all the certificates, so do not know why
> > popup-up message comes.
>
> "A pop-up message ... showing the certificate" is a tad imprecise. =A0I
> assume it's the message asking users to accept the certificate, which
> comes up when the certificate is not signed by a trusted authority.
>
> You say you "trusted all the certificates", another imprecise
> statement. =A0Do you mean you went to each user's browser and instructed
> it to trust the signing authority of the certificate?
>
> If not, that could explain the issue, assuming my assumption of what
> you meant is correct.
>
> --
> Lew

Lew:

Yes, pop-up message is for what you say. I did not go to each user's
browser; instead when I was running java commands  on web server to
install certficates in a kety store which is used by Tomcat; java
command asked me whether certificate is to be trusted.
How does browser decides whether
"certificate is not signed by a trusted authority". Is certifcate have
to be installed in some place on user's PC. If yes where?

THANKS A LOT.

Prem

On 13-10-2010 13:49, zigzagdna wrote:
> Yes, pop-up message is for what you say. I did not go to each user's
> browser; instead when I was running java commands  on web server to
> install certficates in a kety store which is used by Tomcat; java
> command asked me whether certificate is to be trusted.
> How does browser decides whether
> "certificate is not signed by a trusted authority". Is certifcate have
> to be installed in some place on user's PC. If yes where?

This is a security feature.

If a site claims to be java.sun.com and the certificate is
signed by a company that the browser know, then there is no
need to ask.

If the browser does not know the signer of the certificate,
then you get prompted.

There are no way you can disable that server side. For
obvious reasons otherwise the hackers would let their
fake java.sun.com disable the check as well.

You either need to buy a certificate from one of the
known vendors or install the the signing certificate
at each client PC.

How depends on OS and browser.

Arne

On Oct 13, 7:57=A0pm, Arne Vajh=F8j <a...@vajhoej.dk> wrote:
> On 13-10-2010 13:49, zigzagdna wrote:
>
> > Yes, pop-up message is for what you say. I did not go to each user's
> > browser; instead when I was running java commands =A0on web server to
> > install certficates in a kety store which is used by Tomcat; java
> > command asked me whether certificate is to be trusted.
> > How does browser decides whether
> > "certificate is not signed by a trusted authority". Is certifcate have
> > to be installed in some place on user's PC. If yes where?
>
> This is a security feature.
>
> If a site claims to be java.sun.com and the certificate is
> signed by a company that the browser know, then there is no
> need to ask.
>
> If the browser does not know the signer of the certificate,
> then you get prompted.
>
> There are no way you can disable that server side. For
> obvious reasons otherwise the hackers would let their
> fake java.sun.com disable the check as well.
>
> You either need to buy a certificate from one of the
> known vendors or install the the signing certificate
> at each client PC.
>
> How depends on OS and browser.
>
> Arne

Arne:

Thanks a lot. As alwyas you are extremely knowledagbale and your
answers are very clear.