• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • paul wheaton
  • Liutauras Vilda
  • Ron McLeod
Sheriffs:
  • Jeanne Boyarsky
  • Devaka Cooray
  • Paul Clapham
Saloon Keepers:
  • Scott Selikoff
  • Tim Holloway
  • Piet Souris
  • Mikalai Zaikin
  • Frits Walraven
Bartenders:
  • Stephan van Hulst
  • Carey Brown

Mock Exam question 2

 
Ranch Hand
Posts: 951
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,
This is the question from j2eecertificate

Question : Which of the following statement regarding the authentication method CLIENT-CERT are true ? ( Check all answers)

1. Supported by all application servers as it is mandeted by the servlet specification.
2. Authentication is performed when the SSL connection is establised.
3. All the commonly browsers support it.
4. All the data between the client and server is encrypted.
5. Requires a digital certificate which has been issued from a recognised certification authority.

The answers given are 2,3,4,5. Look correct. But I have little dout.

Is the SSL connection is mandeted by spec to use CLIENT-CERT authentication, though most of the application servers implemented it. Some application server generates their own 128 bit SSL certificates in testing environment, so the purchasing of digital certificate is not required if you are not using it for productin environment.

so I think option 2 and 5 are ambiguous. Can anyone provide explaination please.


Thanks
 
Ranch Hand
Posts: 139
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

However, there is not much specified in Servlet Specs about security, but If you see on page 95 of Servlet Specs, they have given

End user authentication using HTTPS (HTTP over SSL) is a strong authentication mechanism. This mechanism requires the user to possess a Public Key Certificate (PKC).



even in HFSJ, they have mentioned that certificate is required for CLIENT-CERT. and I don't have any experience in this field, so I dn't know anything about application server generates their own 128 bit SSL certificates in testing environment...

Regards,
 
Narendra Dhande
Ranch Hand
Posts: 951
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi sushma

Here is link , if you are interested in how to configure free SSL for tomcat using Java keytool

Free SSL for tomcat

Thanks
 
Politics n. Poly "many" + ticks "blood sucking insects". Tiny ad:
Gift giving made easy with the permaculture playing cards
https://coderanch.com/t/777758/Gift-giving-easy-permaculture-playing
reply
    Bookmark Topic Watch Topic
  • New Topic