Win a copy of Learn Spring Security (video course) this week in the Spring forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

developing and testing ssl

 
azhar bharat
Ranch Hand
Posts: 87
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi
I am developing an ecommerce application .
The site requires ssl for secure communication.

I do not have access to the production server.

I need to know how to test SSL on a local system/network.
 
Ulf Dittmer
Rancher
Pie
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Testing against a local system should be the same as testing against a production system, just with a different URL, no? What difficulties are you facing?
 
azhar bharat
Ranch Hand
Posts: 87
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Ulf Dittmer:
Testing against a local system should be the same as testing against a production system, just with a different URL, no? What difficulties are you facing?


I am not sure as I never worked with ssl.
But wat I know technically, ssl certificate shud be provided by a verifying authority. Currently the client has not provided ssl certificate details.

I need something to emulate an ssl certificate just to test the secure pages.
 
Aryan Khan
Ranch Hand
Posts: 290
Java Oracle Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Not a must. You can create self signed certificates. Or you can get a trail certificate from Thwate Trial.
 
Ulf Dittmer
Rancher
Pie
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The procedure to SSL-enable a server differs from server to server. Whichever one you're using should have instructions for how to do that. For Tomcat, they are here.

For testing purposes, you can use a self-signed certificate instead of a commercial certificate. The only difference is that the browser will ask the user whether the self-signed certificate should be accepted (while it will accept a certificate from Thawte or Verisign without asking).
[ September 15, 2007: Message edited by: Ulf Dittmer ]
 
azhar bharat
Ranch Hand
Posts: 87
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Ulf Dittmer:
The procedure to SSL-enable a server differs from server to server. Whichever one you're using should have instructions for how to do that. For Tomcat, they are here.

For testing purposes, you can use a self-signed certificate instead of a commercial certificate. The only difference is that the browser will ask the user whether the self-signed certificate should be accepted (while it will accept a certificate from Thawte or Verisign without asking).

[ September 15, 2007: Message edited by: Ulf Dittmer ]



Where can i get information in creating self-signed certificate?
 
Ulf Dittmer
Rancher
Pie
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The page I linked to explains that.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic