SSL Basic Concepts

 
Ranch Hand
Posts: 238
Hi all,
I have just started to learn SSL, and after going through many documents on the internet, I want to conclude a few points and want your suggestions (mainly regarding the SSL certificate).

1: SSL certificate contains the public key of the server.
2: SSL certificate is created by the CA after the requester submits the CSR (Certificate Signing Request) to the CA.
3: The keystore stores the private key and the certificate(s).
4: In order to create a self-signed certificate, we will have to create our own CA, CSR and then use keytool to generate the certificate by submitting the CSR to the CA.
5: When the CA creates the certificate, in order to sign it, it uses the private key generated before.
6: There is no other way to create a certificate other than creating a CSR and getting it signed by a CA (maybe self-created).

These are the few points about which I need assurance.
Please guide me through.

Thanks.
 
Ranch Hand
Posts: 820

Sudhanshu Mishra wrote: Hi all,
I have just started to learn SSL, and after going through many documents on the internet, I want to conclude a few points and want your suggestions (mainly regarding the SSL certificate).

4: In order to create a self-signed certificate, we will have to create our own CA, CSR and then use keytool to generate the certificate by submitting the CSR to the CA.



For a self-signed certificate, you do not have to submit anything to a CA. Yes, it is possible to create your own internal CA and then submit your CSR to that, but it is not required in using a self-signed CA.
Read this page:
https://help.ubuntu.com/10.04/serverguide/C/certificates-and-security.html

It has good information, including setting up your own internal CA with a root certificate.
 
Ranch Hand
Posts: 87
There are two steps involved with using SSL.
1) The first step is you create the private and public key and the certificate. You can do this with the java keytool command. This will store the private key, public key and certificate in the keystore. You can then tell your web server to use this keystore and you can start using SSL. This is known as a self-signed certificate. If someone connects to your web site with a self-signed certificate they will get a warning message that will say something like "This site is untrusted, do you wish to continue?"
Maybe this is OK if you want to use SSL internally. At my work, most internal servers with SSL are set up this way. We just ignore the warning messages.

Now if you want users to be able to go to your web site without a warning message, you must get a CA to sign your certificate. You can use the java keytool command to create a CSR (Certificate Signing Request). This creates a small file that you send to the CA. The CSR only contains the public part of the certificate. Remember you never want anyone to have access to your private key. After the CA signs the request, they will send you back a file. You can then use the keytool command again to import that file into the keystore. After you do this, your certificate will contain a signature of the CA. Now when users connect to your web site, they will not get the warning message.

There is a good book about this. I have it sitting on my desk at work and I am at home now so I cannot give you the title until Monday morning. In the book, it shows how to do each step with the keytool command.
 
Ranch Hand
Posts: 924

Dave Trower wrote: There are two steps involved with using SSL.
1) The first step is you create the private and public key and the certificate. You can do this with the java keytool command. This will store the private key, public key and certificate in the keystore. You can then tell your web server to use this keystore and you can start using SSL. This is known as a self-signed certificate. If someone connects to your web site with a self-signed certificate they will get a warning message that will say something like "This site is untrusted, do you wish to continue?"
Maybe this is OK if you want to use SSL internally. At my work, most internal servers with SSL are set up this way. We just ignore the warning messages.

Now if you want users to be able to go to your web site without a warning message, you must get a CA to sign your certificate. You can use the java keytool command to create a CSR (Certificate Signing Request). This creates a small file that you send to the CA. The CSR only contains the public part of the certificate. Remember you never want anyone to have access to your private key. After the CA signs the request, they will send you back a file. You can then use the keytool command again to import that file into the keystore. After you do this, your certificate will contain a signature of the CA. Now when users connect to your web site, they will not get the warning message.

There is a good book about this. I have it sitting on my desk at work and I am at home now so I cannot give you the title until Monday morning. In the book, it shows how to do each step with the keytool command.




I would like to know the title of the book. I shall wait for your reply.
 
Dave Trower
Ranch Hand
Posts: 87
The name of the book is "Developing Web Services with Apache Axis" by Tung Ka Iok, Kent.

The book is a tutorial on how to create web services using all free open source products such as Tomcat, Apache Axis, etc.
Chapter 9 is "Signing and encrypting SOAP messages". This chapter talks about how to use the java keytool command to create certificates, get them signed, etc.
 
Greenhorn
Posts: 21
Hello ranchers,

For a self-signed certificate, you do not have to submit anything to a CA. Yes, it is possible to create your own internal CA and then submit your CSR to that, but it is not required in using a self-signed CA.
Read this page:



I just want to know: can I use/create my own certificate, to be used as demo/practice work on an SSL implementation? Is there any specific tool for that, and how do I configure Tomcat 7.0 for that?

Thank you.
 