This week's giveaway is in the EJB and other Java EE Technologies forum.
We're giving away four copies of EJB 3 in Action and have Debu Panda, Reza Rahman, Ryan Cuprak, and Michael Remijan on-line!
See this thread for details.
The moose likes Security and the fly likes developing and testing ssl Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "developing and testing ssl" Watch "developing and testing ssl" New topic
Author

developing and testing ssl

azhar bharat
Ranch Hand

Joined: Jul 17, 2006
Posts: 87
Hi
I am developing an ecommerce application .
The site requires ssl for secure communication.

I do not have access to the production server.

I need to know how to test SSL on a local system/network.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39547
    
  27
Testing against a local system should be the same as testing against a production system, just with a different URL, no? What difficulties are you facing?


Ping & DNS - updated with new look and Ping home screen widget
azhar bharat
Ranch Hand

Joined: Jul 17, 2006
Posts: 87
Originally posted by Ulf Dittmer:
Testing against a local system should be the same as testing against a production system, just with a different URL, no? What difficulties are you facing?


I am not sure as I never worked with ssl.
But wat I know technically, ssl certificate shud be provided by a verifying authority. Currently the client has not provided ssl certificate details.

I need something to emulate an ssl certificate just to test the secure pages.
Aryan Khan
Ranch Hand

Joined: Sep 12, 2004
Posts: 290

Not a must. You can create self signed certificates. Or you can get a trail certificate from Thwate Trial.


OCP/MCP/SCJP/SCWCD/IBM XML/SCMAD/SCEA-1
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39547
    
  27
The procedure to SSL-enable a server differs from server to server. Whichever one you're using should have instructions for how to do that. For Tomcat, they are here.

For testing purposes, you can use a self-signed certificate instead of a commercial certificate. The only difference is that the browser will ask the user whether the self-signed certificate should be accepted (while it will accept a certificate from Thawte or Verisign without asking).
[ September 15, 2007: Message edited by: Ulf Dittmer ]
azhar bharat
Ranch Hand

Joined: Jul 17, 2006
Posts: 87
Originally posted by Ulf Dittmer:
The procedure to SSL-enable a server differs from server to server. Whichever one you're using should have instructions for how to do that. For Tomcat, they are here.

For testing purposes, you can use a self-signed certificate instead of a commercial certificate. The only difference is that the browser will ask the user whether the self-signed certificate should be accepted (while it will accept a certificate from Thawte or Verisign without asking).

[ September 15, 2007: Message edited by: Ulf Dittmer ]



Where can i get information in creating self-signed certificate?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39547
    
  27
The page I linked to explains that.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: developing and testing ssl
 
Similar Threads
is there a any validation API in java
can I use RMI-IIOP over SSL?
WA #2 ..... word association
SSL implementation for webpages
Want send username and password in url in some secure manner