Skip to Content.
Sympa Menu

grouper-dev - Re: [grouper-dev] grouperClient not require valid SSL

Subject: Grouper Developers Forum

List archive

Re: [grouper-dev] grouperClient not require valid SSL

Chronological Thread 
  • From: Tom Scavo <>
  • To: Chris Hyzer <>
  • Cc: Grouper Dev <>
  • Subject: Re: [grouper-dev] grouperClient not require valid SSL
  • Date: Thu, 22 Jan 2009 13:06:46 -0500
  • Domainkey-signature: a=rsa-sha1; c=nofws;; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=sBETv7dnBzzudyE6yAnE0GWa3xjDL1wmmKqI8DSpUiJUBdmF7v801AFimGQOV7evuC K2QaMGWtuFjJxCGAGlIzOZ+FENKuKQWu/mShV5wloSE3ssXU/DvbqqJTktYXqh2M7Vyu GbF9yigcrd+K8dtopY8e5eCmw+U3fnx7k4JkQ=

On Thu, Jan 22, 2009 at 10:10 AM, Chris Hyzer
> My own two cents is that if you can get a valid certificate from a CA in the
> JRE, then you can save yourself money in the long run… I have used comodo
> certs (e.g. positive SSL is $50) and had good luck. I have also used
> godaddy certs ($30), and Im not sure I have connected from Java, I haven't
> had browser issues. Also, don't shy away from getting a long term one so
> you don't have to keep updating it every year. We use a wildcard comodo
> cert so we buy one and use it everywhere (must be the same level in the
> domain name hierarchy).

Here's my two cents worth:

1 cent) Try to avoid self-signed certs (which is not the same as
saying the cert must be a trusted cert from a commercial CA).

2 cent) Have you considered implementing a trusted CA cert store on the

Actually, given your recommendation above, it seems that a trust store
already exists on the client, so why can't you just add the CA cert
that signed the (untrusted) server cert to the trust store and be done
with it? Why is it necessary for the server cert to be a trusted
commercial cert? I must be missing something.


Archive powered by MHonArc 2.6.16.

Top of Page