This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Security and the fly likes Basic auth + ssl on client side Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Basic auth + ssl on client side" Watch "Basic auth + ssl on client side" New topic

Basic auth + ssl on client side

H Paul
Ranch Hand

Joined: Jul 26, 2011
Posts: 393
Basic, I need to set up basic auth + ssl on client side:

Thru GOOGLE, I got below code works for ssl part.

Basically, trustStore has the server public cerficate/key imported.

Am a beginnger in this area

1. is there any other way doing the same?
2. what is the prefer way by your experience?

1M Thanks.
Arshad Noor
Ranch Hand

Joined: Oct 06, 2011
Posts: 34
If your objective is to establish an SSL ClientAuth session between a web-site and a program you've written in Java, then no, there is no other way to do this.

What you're seeing is just half the equation for the SSL protocol - ServerAuth - where the client program determines which Certificate Authority (CA)'s certificates it will trust to establish an SSL session with on the remote side.

You will also need a keystore with a private-key and digital certificate for your application client, and configure the remote web-server to REQUIRE client-authentication on the SSL/TLS port. Once you've done both, then you can continue to add code to your Java program that uses the client-certificate and keystore to respond to the ClientAuth part of the SSL session establishment protocol.

Hope that helps.

Arshad Noor
StrongAuth, Inc.
H Paul
Ranch Hand

Joined: Jul 26, 2011
Posts: 393
My intention is ask for ServerAuth but my wording is about ClientAuth.

Now with what you explained and clarified, I got 2 answers for 1 question.

Great teacher, you're.
jQuery in Action, 2nd edition
subject: Basic auth + ssl on client side
Similar Threads
The server sent HTTP status code -1
How to implement certificate/security into web service client
Setup truststore in Tomcat
SSL settings for Stand-Alone Java Application in Sun JRE
Totally lost, need help!