
Thread: Java and SSL

  1. #1
    Annuate

    Java and SSL

    Hi, I am working on a project this summer (as a learning experience) using Java and databases. I have the program set up as a client/server model. The client talks to the server, which retrieves information from the database and sends it back to the client. I would like to implement a login system, but I would like to do it securely. I would imagine that sending the username + password in a serialized object isn't quite the best form of security for my hypothetical users. I found a tutorial using SSL in Java HERE and got it set up and running. Unfortunately I don't see how to make use of this in an application if it were to be distributed to other users. Particularly dealing with the certificate and how it has to be the same for the server and the user? Is there one certificate with the server that is distributed with the client program, or is there a separate certificate for each user? I believe it is the former, but I have a question about the password that is provided with the certificate as in the example: is the password used with the certificate just the public key for the RSA encryption, or is it different per user? Explanation and/or resources explaining would be greatly appreciated. Thanks :)

  2. #2
    TimmerCA

    Re: Java and SSL

    Originally posted by Annuate:
    > Unfortunately I don't see how to make use of this in an application if it were to be distributed to other users. Particularly dealing with the certificate and how it has to be the same for the server and the user?

    When you are ready to distribute your application to the real world, you'll need to buy an SSL certificate from a certificate vendor that is recognized by Java's default key store. If you do that, then the clients will accept the server certificate without you needing to distribute your self-signed certificate to your clients.

    Another, much more complex, solution is here:

    Custom SSL for advanced JSSE developers

    (Look at the "Roll your own TrustStore" part)
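
Added example, not part of the original thread or the linked article: a sketch of the "roll your own TrustStore" approach, where every copy of the client ships the same trust store holding only the server's public certificate, while the private key stays in the server's key store. The class name, the trust store file, its password and the host/port arguments are assumptions for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class TrustStoreClient {

    // Build an SSLContext that trusts only the certificates in the given store.
    // The store password protects the store file itself; it is not an RSA key
    // and it is not a per-user credential.
    static SSLContext contextFor(String trustStorePath, char[] storePassword) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(trustStorePath)) {
            trustStore.load(in, storePassword);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // No KeyManager: the client presents no certificate of its own.
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Open a socket and require the certificate to match the host name.
    // A raw SSLSocket does not check the host name unless this is set.
    static SSLSocket connect(SSLContext ctx, String host, int port) throws Exception {
        SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        SSLParameters params = socket.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        socket.setSSLParameters(params);
        socket.startHandshake(); // throws SSLHandshakeException if the server is not trusted
        return socket;
    }

    // Usage (hypothetical values): java TrustStoreClient client-truststore.p12 changeit host 8443
    public static void main(String[] args) throws Exception {
        SSLContext ctx = contextFor(args[0], args[1].toCharArray());
        try (SSLSocket socket = connect(ctx, args[2], Integer.parseInt(args[3]))) {
            System.out.println("Negotiated " + socket.getSession().getProtocol()
                    + " with " + socket.getSession().getPeerPrincipal());
        }
    }
}
```

The user's login name and password are then sent over this socket after the handshake; they are unrelated to the trust store password.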
