Borland VisiBroker® 7.0 - Borland Technical Publications

Using IIOP/HTTPSHere are several examples that illustrate this condition and ways in which you canwork:■■Internet Explorer ships with a list of trusted Network Server Certificates Authority. Ifyour server certificate is not issued by one of the trusted CAs, (the certificatesshipped with bank_https, for example) IE asks for permission before establishing anHTTPS connection. The IIOP/HTTPS operation fails because the Microsoft JVMdoes not seem to support an HTTPS connection that requires user interaction.There are a number of ways to handle this situation:■■■■Make sure your server certificates are issued by a CA already trusted by InternetExplorer.Install the root certificate into IE as a trusted Network Server certificate. Openinga certificate file (for example, cacert.crt in bank_https) gives you the opportunityto install the certificate.Use the GateKeeper to download the root certificate to the browser. Thebank_https example shows how to do this.Commercial CAs usually provide a link that allows you to install their rootcertificate.GateKeeper, by default, does not ask for the client identity. Although, you canenable this function by setting ssl_request_client_certificate=true in the GateKeeperconfiguration file, you cannot use IIOP/HTTPS because the browser asks forpermission before responding with the user's credentials.Internet Explorer optionally requires the Common Name field within the servercertificate to be the same as the host name of the server. From the View|InternetOptions menu, select the Advanced tab and scroll to the Security section. Make surethe box next to Warn about invalid site certificates is not checked to use a servercertificate that does not contain the host name of the server.Chapter 2: Getting Started with Security 23