The official instructions on using publicly signed certs are dated and incomplete. For example, no one ever adequately explains why both RSA and DSA certs continue to be generated on a default install. There's no answer to the basic question: do you need to have both for things to work? I thought I had the public cert installation process right and then discovered an article that gave a completely different take on things (adding Alias entries for search.domain.com and conference.domain.com). As a sanity check I restored the old self-signed certs and everything worked fine. So did Spark on a virgin machine (one that had never had Spark installed before). This is clearly one of those Java Desktop client + Windows = Chaos things. I'd try using a wildcard cert next but am hesitant due to the practicalities involved (justifying the additional expense to management). Can someone please help me get out of this minefield?
↧