aspose file tools*
The moose likes Security and the fly likes developing and testing ssl Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "developing and testing ssl" Watch "developing and testing ssl" New topic
Author

developing and testing ssl

azhar bharat
Ranch Hand

Joined: Jul 17, 2006
Posts: 87
Hi
I am developing an ecommerce application .
The site requires ssl for secure communication.

I do not have access to the production server.

I need to know how to test SSL on a local system/network.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41829
    
  63
Testing against a local system should be the same as testing against a production system, just with a different URL, no? What difficulties are you facing?


Ping & DNS - my free Android networking tools app
azhar bharat
Ranch Hand

Joined: Jul 17, 2006
Posts: 87
Originally posted by Ulf Dittmer:
Testing against a local system should be the same as testing against a production system, just with a different URL, no? What difficulties are you facing?


I am not sure as I never worked with ssl.
But wat I know technically, ssl certificate shud be provided by a verifying authority. Currently the client has not provided ssl certificate details.

I need something to emulate an ssl certificate just to test the secure pages.
Aryan Khan
Ranch Hand

Joined: Sep 12, 2004
Posts: 290

Not a must. You can create self signed certificates. Or you can get a trail certificate from Thwate Trial.


OCP/MCP/SCJP/SCWCD/IBM XML/SCMAD/SCEA-1
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41829
    
  63
The procedure to SSL-enable a server differs from server to server. Whichever one you're using should have instructions for how to do that. For Tomcat, they are here.

For testing purposes, you can use a self-signed certificate instead of a commercial certificate. The only difference is that the browser will ask the user whether the self-signed certificate should be accepted (while it will accept a certificate from Thawte or Verisign without asking).
[ September 15, 2007: Message edited by: Ulf Dittmer ]
azhar bharat
Ranch Hand

Joined: Jul 17, 2006
Posts: 87
Originally posted by Ulf Dittmer:
The procedure to SSL-enable a server differs from server to server. Whichever one you're using should have instructions for how to do that. For Tomcat, they are here.

For testing purposes, you can use a self-signed certificate instead of a commercial certificate. The only difference is that the browser will ask the user whether the self-signed certificate should be accepted (while it will accept a certificate from Thawte or Verisign without asking).

[ September 15, 2007: Message edited by: Ulf Dittmer ]



Where can i get information in creating self-signed certificate?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41829
    
  63
The page I linked to explains that.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: developing and testing ssl