|Applies To||RSA BSAFE SSL-J|
|Issue||When a client written with RSA BSAFE SSL-J verifies the server's certificate, does it check that the URL in certificate matches the URL of connection?|
|Resolution||No explicit checking is done by the RSA BSAFE SSL-J toolkit to check if the URL in the certificate matches the URL of the connection. Basically, if the other party has a private key corresponding to a certificate signed by a trusted CA, the CA is vouching for the holder of the keypair.|
The SSL specification does not say that the URL must be present in the certificate. Checking for that is not part of the SSL protocol. Your application may choose to do this though (for example, a web browser may pop up a warning to tell you if the URL you entered does not match the one in the certificate, but it is not a fatal error).
You can use the Cert-J APIs (SSL-J 3.1 relies on Cert-J 1.0) to extract the needed information from the subject name in order to compare it to the URL.
|Legacy Article ID||a3220|