It's not a secret anymore!
The moose likes Security and the fly likes developing and testing ssl Big Moose Saloon
  Search | Java FAQ | Recent Topics
Register / Login


Win a copy of The Mikado Method this week in the Agile and other Processes forum!
JavaRanch » Java Forums » Engineering » Security
Reply Bookmark "developing and testing ssl" Watch "developing and testing ssl" New topic
Author

developing and testing ssl

azhar bharat
Ranch Hand

Joined: Jul 17, 2006
Posts: 87
posted private message
0
Quote
Hi
I am developing an ecommerce application .
The site requires ssl for secure communication.

I do not have access to the production server.

I need to know how to test SSL on a local system/network.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 35242
    
    7
posted
0
Quote
Testing against a local system should be the same as testing against a production system, just with a different URL, no? What difficulties are you facing?

Android appsImageJ pluginsJava web charts
azhar bharat
Ranch Hand

Joined: Jul 17, 2006
Posts: 87
posted private message
0
Quote
Originally posted by Ulf Dittmer:
Testing against a local system should be the same as testing against a production system, just with a different URL, no? What difficulties are you facing?


I am not sure as I never worked with ssl.
But wat I know technically, ssl certificate shud be provided by a verifying authority. Currently the client has not provided ssl certificate details.

I need something to emulate an ssl certificate just to test the secure pages.
Aryan Khan
Ranch Hand

Joined: Sep 12, 2004
Posts: 289
posted private message
0
Quote
Not a must. You can create self signed certificates. Or you can get a trail certificate from Thwate Trial.

OCP/MCP/SCJP/SCWCD/IBM XML/SCMAD/SCEA-1
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 35242
    
    7
posted
0
Quote
The procedure to SSL-enable a server differs from server to server. Whichever one you're using should have instructions for how to do that. For Tomcat, they are here.

For testing purposes, you can use a self-signed certificate instead of a commercial certificate. The only difference is that the browser will ask the user whether the self-signed certificate should be accepted (while it will accept a certificate from Thawte or Verisign without asking).
[ September 15, 2007: Message edited by: Ulf Dittmer ]
azhar bharat
Ranch Hand

Joined: Jul 17, 2006
Posts: 87
posted private message
0
Quote
Originally posted by Ulf Dittmer:
The procedure to SSL-enable a server differs from server to server. Whichever one you're using should have instructions for how to do that. For Tomcat, they are here.

For testing purposes, you can use a self-signed certificate instead of a commercial certificate. The only difference is that the browser will ask the user whether the self-signed certificate should be accepted (while it will accept a certificate from Thawte or Verisign without asking).

[ September 15, 2007: Message edited by: Ulf Dittmer ]



Where can i get information in creating self-signed certificate?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 35242
    
    7
posted
0
Quote
The page I linked to explains that.
 
I agree. Here's the link: http://ej-technologies/jprofiler - if it wasn't for jprofiler, we would need to run our stuff on 16 servers instead of 3.
 
subject: developing and testing ssl
 
Similar Threads
SSL implementation for webpages
WA #2 ..... word association
can I use RMI-IIOP over SSL?
Want send username and password in url in some secure manner
is there a any validation API in java