• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

creating a secure connection between a browser client and java server side

 
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator


I am working on an academic project related to web security. I need to create a secure connection between the client(browser) and a server side jsp/servlet. In my sample application I have a simple html form to capture USERNAME and PASSWORD from user and then send these details to serverside jsp/servlet to check that login account exist or not. Now in order to secure the HTML form data I need to encrypt the data at client browser before sending it to server. I don't have to use java script for client side encryption. I have been asked to achieve the secure connection using certificates.

As far as my knowledge in security I need to create some certificate and then send it to client so that client could use it for security related functions.

I am stuck with following queries:

1. How to create the certificates in java(do I need any third party tool, or is there any java API to create certificates).

2. How should I send the certificate to the client when client firstly requests the application from server. Is there something like:

such that when the user requests the server using URL of server then server returns the certificate.

3. how to use the certificate for encryption at client side (is there any html tag such that if we provide the path of certificate stored at client machine to that tag, then that tag automatically encrypts the HTML form data.)

I would be highly thankful for any help on above mentioned queries.
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Sounds like you are trying to recreate HTTPS from scratch, which I would advise against. It's much better to use a well-established technology than trying to roll your own.
 
Consider Paul's rocket mass heater.
reply
    Bookmark Topic Watch Topic
  • New Topic