Skip to Content.
Sympa Menu

grouper-dev - RE: [grouper-dev] grouperClient not require valid SSL

Subject: Grouper Developers Forum

List archive

RE: [grouper-dev] grouperClient not require valid SSL

Chronological Thread 
  • From: Chris Hyzer <>
  • To: Tom Scavo <>
  • Cc: Grouper Dev <>
  • Subject: RE: [grouper-dev] grouperClient not require valid SSL
  • Date: Thu, 22 Jan 2009 13:47:46 -0500
  • Accept-language: en-US
  • Acceptlanguage: en-US

> Here's my two cents worth:
> 1 cent) Try to avoid self-signed certs (which is not the same as
> saying the cert must be a trusted cert from a commercial CA).
> 2 cent) Have you considered implementing a trusted CA cert store on the
> client?

There is one in java, in our last call, we decided that users can either add
it to their JRE, or turn off verification in grouper client

> Actually, given your recommendation above, it seems that a trust store
> already exists on the client, so why can't you just add the CA cert
> that signed the (untrusted) server cert to the trust store and be done
> with it? Why is it necessary for the server cert to be a trusted
> commercial cert? I must be missing something.

I personally feel that the time/money saved from having to worry about self
signed or untrusted certs is greater than the time/money it takes to get a
trusted cert. Maybe its just me... :) However, Im sure various schools are
setup differently and might take less effort to add their own CA cert into
their trust stores everywhere...


Archive powered by MHonArc 2.6.16.

Top of Page