Then how do client like psi will report about the certificate?
I have made self-signed certificate and I have been through the process of making psi not to complain the certificate. I want to know how it might affect my setting. But it sure is a nice feature.
Poor ''ol Bob. He just sits there all day looking at posts to make links between the Jira and Jive Forums. I feel so bad for him as it has to be really monotonous.
Ok, I’'m kidding. It is automated. I assume it looks for “JM-###” and creates the link. And it is a wonderful feature.
I’'m not sure if you are asking 1 or 2 questions here so I will try to give as much info as possible.
How does it work with self-signed certificate?
Then how do client like psi will report about the
certificate?
I have made self-signed certificate and I have been
through the process of making psi not to complain the
certificate. I want to know how it might affect my
setting. But it sure is a nice feature.
Server certificates are kept in resources\security\keystore. Certificates can be signed by a publicly known Certificate Authority (CA) or just be self-signed. Usually self-signed certificates are not meant to be used in production environments since the identity of the server cannot be really trusted. However, self-signed certificates as well as certificates signed by a CA can both be used to encrypt/secure a connection (i.e. for TLS/SSL).
Server certificates are used in 2 cases: 1) When a client connects to the server the client will validate the server certificate to confirm the identity of the server and 2) When a remote server connects to your server the remote server will also need to verify the server identity by checking the server certificates. Case #2 only happens between servers that support TLS for s2s.
In case #1 that is the case that you are asking it’'s up to the client to decide if he is going to accept a self-signed server certificate. If the client accepts the self-signed certificate then the connection will be secured and things will flow without any problem. However, if the client does not accept self-signed certificates then the connection will not be secured. The client can always try to connect using an unsecured connection and if the server allows unsecured connections then things will be fine.
If you are asking how are we going to deal with certificate signing in JM-492 then the answer will be that the admin console will need to not only generate certificates but also export and import them. So once a CA has signed a certificate you should be able to import it. That’'s why the security page is now showing if the certificate is self-signed as a way to indicate if the signed certificate has been imported or not.
Let me know if you need more info or have any other questions.
Thanks for taking time to answer me. So JM - 492 will let the Sys admin to be able to generate self-signed certificate easily and don’'t need to go through hassle like this http://www.jivesoftware.org/community/thread.jspa?threadID=16804&tstart=0 instead of the John Doe certificate? That would be pretty cool for junior sys admin like me.
For importing, I understand that it is for importing CA signed certificate. Why does Wild Fire need exporting? What format will it export?
I remember that Jive Messenger has an issue not working well with self-signed certificate that does not use the default password. Has the issue fixed yet?