
How to secure webservices using SSL

 
Kumar Raja
Ranch Hand
Posts: 548
Hi All,

In one of my recent interviews, I was asked how to secure web services using SSL. I answered that a certificate needs to be registered in the certificate keystore (cacerts) using the keytool utility and that, instead of using HTTP, we need to use HTTPS. Apparently my answer was not satisfactory for them, and they wanted more explanation on that.

Is my answer not adequate, or did I miss any important point? Please advise.
 
Jimmy Clark
Ranch Hand
Posts: 2187
Your answer was very good.
 
Kumar Raja
Ranch Hand
Posts: 548
Thank you.

I do not know what additional information the interviewer wanted to derive from me.

Apart from what I answered, are there any additional changes needed from the client perspective?
 
Jimmy Clark
Ranch Hand
Posts: 2187
Kumar Raja wrote: I do not know what additional information the interviewer wanted to derive from me.

Interesting. How do you know that the interviewer was not satisfied with your answer? What did they want more explanation on?

In regards to client HTML browsers, there are many security settings related to SSL processing behavior. I doubt that the interviewer was expecting exact details on these settings, or at least he/she should not have been... unless your other responses to other questions created doubt about your experience.

SSL is not a good way to secure web services anyway, so you are most likely better off that they did not like your response.

 
Ivan Krizsan
Ranch Hand
Posts: 2198
Hi!
I don't know if this is what they were after, but there is also the option to have mutual authentication with SSL.
On the client side, you need:
- The client key.
- The server certificate from the server's keystore.
The above are to go in a keystore and a certificates file for the client.

...and on the server side, you need:
- The server's key.
- The certificate from the client's keystore.
Again, the above are to go in a keystore and a certificates file for the server.

A webpage with more details: http://www.java-tips.org/java-ee-tips/java-api-for-xml-web-services/using-jax-ws-based-web-services-wit.html
Best wishes!
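
The mutual-authentication layout described in the post above, as an added example that is not part of the original thread: each side loads its own key from a keystore and the other side's certificate from a truststore, and the server refuses any client that does not present a trusted certificate. The four PKCS12 file names and the password are hypothetical placeholders; the stores are assumed to have been created with keytool beforehand, with the server certificate issued for `localhost`.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import javax.net.ssl.*;

// Added example: store file names and password below are placeholders, not from the thread.
public class MutualTlsDemo {
    static final char[] PASS = "changeit".toCharArray();

    static KeyStore load(String path) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(path)) { ks.load(in, PASS); }
        return ks;
    }

    // keyStore holds this side's private key; trustStore holds the peer's certificate.
    static SSLContext context(String keyStore, String trustStore) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keyStore), PASS);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustStore));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        SSLContext serverCtx = context("server-keystore.p12", "server-truststore.p12");
        SSLContext clientCtx = context("client-keystore.p12", "client-truststore.p12");
        try (SSLServerSocket server = (SSLServerSocket) serverCtx.getServerSocketFactory().createServerSocket(0)) {
            server.setNeedClientAuth(true); // handshake fails without a trusted client certificate
            Thread t = new Thread(() -> {
                try (SSLSocket s = (SSLSocket) server.accept()) {
                    // getPeerPrincipal() throws if the client was not authenticated
                    String who = s.getSession().getPeerPrincipal().getName();
                    s.getOutputStream().write(("hello " + who + "\n").getBytes(StandardCharsets.UTF_8));
                } catch (IOException e) { e.printStackTrace(); }
            });
            t.start();
            try (SSLSocket c = (SSLSocket) clientCtx.getSocketFactory().createSocket("localhost", server.getLocalPort())) {
                SSLParameters p = c.getSSLParameters();
                p.setEndpointIdentificationAlgorithm("HTTPS"); // check the server name against its certificate
                c.setSSLParameters(p);
                BufferedReader r = new BufferedReader(new InputStreamReader(c.getInputStream(), StandardCharsets.UTF_8));
                System.out.println(r.readLine()); // greeting containing the client certificate's subject
            }
            t.join();
        }
    }
}
```

A raw `SSLSocket` does not compare the host name with the server certificate unless the endpoint identification algorithm is set, which is why the client sets it explicitly here.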
 
leo donahue
Ranch Hand
Posts: 327
Kumar Raja wrote: Hi All,
In one of my recent interviews, I was asked on how to secure Webservices using SSL


What about the login/authentication part? Did they ask you specifically about a certain web server? Tomcat requires some minor changes to server.xml. Maybe they were looking for that? Or maybe they wanted you to say something about having the certificate signed by a Certificate Authority? The keytool generates self-signed certificates and your users would have to trust your certificate prior to installing it. Some people are just vague though and don't know what they want to ask.
 