Win a copy of Beginning Java 17 Fundamentals: Object-Oriented Programming in Java 17 this week in the Java in General forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
  • Tim Cooke
  • Campbell Ritchie
  • Ron McLeod
  • Liutauras Vilda
  • Jeanne Boyarsky
  • Junilu Lacar
  • Rob Spoor
  • Paul Clapham
Saloon Keepers:
  • Tim Holloway
  • Tim Moores
  • Jesse Silverman
  • Stephan van Hulst
  • Carey Brown
  • Al Hobbs
  • Piet Souris
  • Frits Walraven

Applets, SSL Sockets, and Certificates

Posts: 14
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am developing an client/server application using SSL sockets and a trial certificate from Thawte. The client is a Java applet. The server is an inhouse developed program running on the host the applet is downloaded from - the originating host.

I have performed the following steps:

1. Generate a key pair and keystore using Sun's keytool
1. Generate a CSR.
2. Obtain a 20 day PKCS#7 test certificate from Thawte.
3. Import the test certificate into the original keystore.
4. Sign the jar file with the test certificate (otherwise step 6 is not permitted.)
5. Include the keystore in the applets jar file as a truststore and as a keystore on the host the server runs on.
6. Programatically, read the truststore when creating the SSL socket in the applet.

This process works.

However, I thought that it would be unsecure to include the keystore in the applet. I thought the keystore contained the server's public/private key pair. However, I now realize that when the Thawte signed certificate is imported into the keystore it replaces the original public/private key pair.

What I don't understand is how the encryption takes place. The client is using the keystore containing the signed certificate as its truststore and the server has the same keystore containing the signed certificate. But where is the private key used for encryption? Is this process I have described secure? In other words, if someone retrieved the keystore/truststore from the applet would that be a security hazard? Would it be better to have the applet download the truststore from the server?

I thought I would need two different keystores. The original keystore containing the public/private key pair on the server and a trust store on the client containing the signed certificate. I tried this; however, I was unable to import the signed certificate into a new keystore. I could only import it into the keystore containing the original public/private key pair.

Thanks for your assistance,

Gary Blomquist
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
    Bookmark Topic Watch Topic
  • New Topic