[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[THREDDS #ZTB-960075]: Thredds + Apache + SSL



> 
> 
> 
> Unidata netCDF Java Support wrote:
> > 1. you should tell the Army theres no point in using ssl without 
> > authentication,
> you are just slowing everything down for no gain.
> 
> We have tried reasoning with the Army but as you might guess it is
> somewhat futile.

i guess it was a rhetorical statement

> 
> >
> > 2. im not really sure if things fail because theres no authentication, or 
> > because
> of the self-signed certificate. If you can eliminate one of those
> possibilities, that would be helpful.
> 
> The Army machines require certificates from the DOD and not from
> Thawte or other private type CAs.  It isn't technically self signed
> but probably most browsers don't recognize the DOD as an official CA.
> 
> I can turn on the authentication via thredds if you think that will
> help.

one thing that would probably work is to add the DOD cert to your client(s) 
trusted certificate store. is that feasible? 

we are looking at how to allow self-signed certificates but im not sure how 
long it will take us to do that. 


Ticket Details
===================
Ticket ID: ZTB-960075
Department: Support netCDF Java
Priority: Urgent
Status: Open