Solar Website Security Certificate Warnings

When browsing to a secure portion of the Solar web start page (Session Manager, Connection Pool, etc.), you will receive an error similar to the following:

“There is a problem with this website’s security certificate. The security certificate presented by this website was issued for a different website’s address. Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server. We recommend that you close this webpage and do not continue to this website.”

The warning is expected and can be safely ignored. Regardless of any warnings, all web traffic over HTTPS between the client and application server is fully encrypted.

Certificate checking in a web browser works as follows: when the browser makes an HTTPS connection, it verifies the certificate it is given against the certificate authority that signed it and checks that the certificate was issued for the FQDN of the destination address.

In this case, the web browser sees that the certificate is signed by a non-trusted authority and that the destination’s IP address doesn’t appear in the certificate. This warning will always appear because Eclipse signs its own certificates and does not customize them for each customer. To remove the warning, each customer would have to obtain a certificate from a trusted authority (e.g. VeriSign) for each unique web address. Each of these certificates would have to be re-integrated with each change to the application server (e.g. a point upgrade). Eclipse has weighed the warning against the practicality of doing this for every customer and chose to self-sign a generic certificate to provide encryption without authentication. This is an industry standard practice for secure websites on a company Intranet where a server’s identity is known.
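The two checks described above, as an added example that is not Eclipse code: it reports which checks a certificate fails for a given destination, using the dictionary layout Python's ssl module uses for decoded certificates. The certificates, host names and addresses are constructed samples, and comparing issuer with subject is a simplified stand-in for full chain validation.

```python
import ipaddress

def name_matches(pattern: str, host: str) -> bool:
    """Match a DNS SAN entry; a wildcard may only replace the whole left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not p.startswith("*."):
        return p == h
    head, _, rest = h.partition(".")
    return bool(head) and rest == p[2:]

def diagnose(cert: dict, destination: str) -> list:
    """Return the reasons a browser would warn about `cert` when visiting `destination`."""
    problems = []
    # Issuer == subject: no outside authority vouches for the certificate. It is
    # trusted only if this exact certificate was added to the client's trust store.
    if cert.get("issuer") == cert.get("subject"):
        problems.append("self-issued")
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(destination)
    except ValueError:
        ip = None
    if ip is not None:
        # A destination typed as an IP address only matches an "IP Address" entry.
        ok = any(k == "IP Address" and ipaddress.ip_address(v) == ip for k, v in sans)
    else:
        # Current browsers match on subjectAltName only; the subject CN is ignored.
        ok = any(k == "DNS" and name_matches(v, destination) for k, v in sans)
    if not ok:
        problems.append("name-mismatch")
    return problems

# Constructed sample: one generic self-signed certificate shared by every install.
GENERIC_NAME = ((("commonName", "solar-generic.example"),),)
GENERIC_CERT = {"subject": GENERIC_NAME, "issuer": GENERIC_NAME}

# Constructed sample: a CA-issued certificate for one customer's host name.
CUSTOMER_CERT = {
    "subject": ((("commonName", "solar.customer.example"),),),
    "issuer": ((("commonName", "Constructed Public CA"),),),
    "subjectAltName": (("DNS", "solar.customer.example"),),
}

if __name__ == "__main__":
    for cert, dest in [(GENERIC_CERT, "192.0.2.10"),
                       (CUSTOMER_CERT, "solar.customer.example"),
                       (CUSTOMER_CERT, "192.0.2.10")]:
        print(dest, diagnose(cert, dest) or "no warning")
```

The last case shows why a certificate is needed for each unique web address: a certificate issued for the host name still produces a name warning when the same server is reached by IP address.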

If a customer wishes to order and install their own security certificates, they may do so at their own expense and without support from Eclipse.