
Java Forum / Security / November 2005


Certificate distribution

jorgen.wahlund@gmail.com - 28 Oct 2005 13:25 GMT
I have an issue with certificates that I want to solve easily, without
supplying the customers with updated certificates.

I run Tomcat 5.0 application server.

I have made a client that uses Apache StrictSSLProtocolSocketFactory to
create the SSL socket. Every client today needs to have valid
certificates stored on their local computer. When the certificate
becomes old, we need to distribute new updated certificates to them.

The actual behaviour I want is more like how a browser works (check
https://secure.registerapi.com/services/whois.php for instance). The
only reason for SSL is to encrypt the traffic between the client and
server. Not to match servername/clientnames and so on.

How should I do this? Is it possible in Java?

Can someone direct me to a good example or guide?

Best regards
Jörgen

Mike Amling - 29 Oct 2005 00:35 GMT
> I have an issue with certificates that I want to solve easily, without
> supplying the customers with updated certificates.

  Are these certificates that authenticate the customer, or
authenticate your server?

--Mike Amling

jorgen.wahlund@gmail.com - 30 Oct 2005 09:33 GMT
They do not in any way authenticate the customer or server. They are just used
to encrypt the traffic.

Ben_ - 30 Oct 2005 11:35 GMT
Why do you use a client certificate if it's not for client authentication?

jorgen.wahlund@gmail.com - 05 Nov 2005 03:48 GMT
Well Ben,
that's sort of what the question is about. What (or how) shall I use
instead if I only use it for encrypting the traffic?

Ben_ wrote:

> Why do you use a client certificate if it's not for client authentication?

Ben_ - 05 Nov 2005 08:34 GMT
Use a server certificate only.

It will verify the identity of the server and encrypt the traffic.

You can see this when you go to any secured web site (web shop, eBanking,
etc.): it turns to https to encrypt the traffic, but it doesn't require you
to have a certificate. Only the server needs one.

This should be enough if the requirement is only to encrypt the traffic.
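
The server-certificate-only setup described in the answer above, sketched as an added example (not code from the thread or from any poster): a client that presents no certificate and validates the server against the JRE's default CA store. It assumes Java 7 or later, plain JSSE rather than the Apache socket factory mentioned in the question, and a server certificate issued by a CA already in that store; the class and method names are hypothetical.

```java
import javax.net.ssl.*;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.X509Certificate;

public class ServerAuthOnlyClient {

    /** Trust managers backed by the JRE's default CA store (cacerts); nothing to distribute. */
    static TrustManager[] defaultTrust() throws GeneralSecurityException {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the default trust store
        return tmf.getTrustManagers();
    }

    /** Handshakes with host:port and returns the subject of the validated server certificate. */
    static String connect(String host, int port) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, defaultTrust(), null); // no KeyManagers: the client presents no certificate
        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            SSLParameters params = socket.getSSLParameters();
            // A raw SSLSocket does not check the server name unless asked to.
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);
            socket.startHandshake(); // throws SSLHandshakeException on an untrusted chain or name mismatch
            X509Certificate leaf = (X509Certificate) socket.getSession().getPeerCertificates()[0];
            return leaf.getSubjectX500Principal().getName();
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 0) { // offline: show what the client already trusts
            for (TrustManager tm : defaultTrust()) {
                if (tm instanceof X509TrustManager) {
                    int n = ((X509TrustManager) tm).getAcceptedIssuers().length;
                    System.out.println("Default trust store holds " + n + " CA certificates");
                }
            }
            return;
        }
        // args[0] is the server's DNS name, supplied by the caller
        System.out.println("Server authenticated as: " + connect(args[0], 443));
    }
}
```

On the Tomcat side this corresponds to an HTTPS connector with `clientAuth="false"`, which is the default.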

