I am working on an academic project related to web security. I need to create a secure connection between the client(browser) and a server side jsp/servlet. In my sample application I have a simple html form to capture USERNAME and PASSWORD from user and then send these details to serverside jsp/servlet to check that login account exist or not. Now in order to secure the HTML form data I need to encrypt the data at client browser before sending it to server. I don't have to use
java script for client side encryption. I have been asked to achieve the secure connection using certificates.
As far as my knowledge in security I need to create some certificate and then send it to client so that client could use it for security related functions.
I am stuck with following queries:
1. How to create the certificates in java(do I need any third party tool, or is there any java API to create certificates).
2. How should I send the certificate to the client when client firstly requests the application from server. Is there something like:
such that when the user requests the server using URL of server then server returns the certificate.
3. how to use the certificate for encryption at client side (is there any html tag such that if we provide the path of certificate stored at client machine to that tag, then that tag automatically encrypts the HTML form data.)
I would be highly thankful for any help on above mentioned queries.