Wednesday, August 08, 2012

Notes for a web service assignment over HTTPS

First, some concepts
  • SSL (Secure Sockets Layer) is a protocol to encrypt information.
  • HTTPS is nothing but HTTP + SSL. HTTPS ensures that the information being transferred over HTTP is secured from theft.
  • An SSL certificate contains the public key plus identity information of the website/company, which is verified by the certification authority (visit Reference #3, #4 if you don't understand this).
  • TrustStore: a file that contains the server certificates that the JVM requires for accepting SSL connections with trusted servers (simply: to trust outbound connections).
  • KeyStore: a file that contains the client certificates that the JVM requires for establishing an SSL connection with a server that requires client certificate authentication.

Note: Technically, there is no difference between TrustStore & KeyStore. They both are essentially used for storing SSL Certificates.

The JVM comes with a certificate store called 'cacerts'.

It resides in "\jre\lib\security\cacerts". 'cacerts' is the JVM's default TrustStore as well as its default KeyStore.

keytool -import -alias ca -file somecert.cer -keystore cacerts -storepass changeit
Trust this certificate: [Yes]

echo "" | openssl s_client -connect my.server.com:443 -showcerts 2>/dev/null | openssl x509 -out certfile.txt
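The two commands above save whatever certificate the server presents and then trust it, so the saved file should be checked against a fingerprint obtained out of band before it goes into a truststore. The script below is an added example, not part of the original notes: the function names, the STOREPASS environment variable and the throwaway self-signed certificate used by the demo are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: check a fetched certificate against a fingerprint obtained
# out of band before adding it to a truststore. Function names are illustrative.

# Print the SHA-256 fingerprint of the PEM certificate in $1 as uppercase hex.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        sed -e 's/^.*=//' -e 's/://g' | tr 'a-f' 'A-F'
}

# Succeed only if certificate $1 has fingerprint $2 (colons and case ignored).
# An unreadable certificate never matches, even against an empty fingerprint.
fingerprint_matches() {
    local actual expected
    actual=$(cert_fingerprint "$1")
    expected=$(printf '%s' "$2" | tr -d ': ' | tr 'a-f' 'A-F')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Import certificate $1 as alias $2 into truststore $3 if it matches $4.
# Assumption: the store password is in the STOREPASS environment variable.
import_if_pinned() {
    if ! fingerprint_matches "$1" "$4"; then
        echo "fingerprint mismatch for $1: not importing" >&2
        return 1
    fi
    keytool -importcert -noprompt -alias "$2" -file "$1" \
        -keystore "$3" -storepass:env STOREPASS
}

# Constructed sample: a throwaway self-signed certificate stands in for the
# one saved from `openssl s_client`, so the demo runs offline.
demo() {
    local dir fp
    dir=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=my.server.com" \
        -keyout "$dir/key.pem" -out "$dir/certfile.txt" 2>/dev/null
    fp=$(cert_fingerprint "$dir/certfile.txt")
    echo "fingerprint: $fp"
    fingerprint_matches "$dir/certfile.txt" "$fp" && echo "match: would import"
    fingerprint_matches "$dir/certfile.txt" "00$fp" || echo "mismatch: rejected"
    rm -rf "$dir"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Pointing `-keystore` at a separate truststore file instead of the JVM-wide 'cacerts' keeps the extra trust limited to the application that loads that file.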

