Cedar,
glassfish_at_javadesktop.org wrote On 05/10/07 12:15,:
>Hello. I have a certificate for www.abc.com which I've installed into Glassfish. It works great. However, I would also like people to go to https://abc.com and not get a message saying the certificate is for a different site. Is there any way to forward the URL or configure the virtual server to do this? I'd like to not have to buy another certificate...
>
>Thanks!
>
>
This is an HTTP client issue. Your HTTP client compares the host (domain)
name of the request URL with the host name (subject distinguished name)
of the received certificate, and reports an error in case they don't match,
in order to prevent URL spoofing.
If your client were implemented using JSSE, it would be possible for
you to customize the host name matching logic, by implementing JSSE's
HostnameVerifier interface.
See
http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#HostnameVerifier
for details.
Jan