aspose file tools*
The moose likes JSP and the fly likes creating a secure connection between a browser client and java server side Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSP
Bookmark "creating a secure connection between a browser client and java server side" Watch "creating a secure connection between a browser client and java server side" New topic
Author

creating a secure connection between a browser client and java server side

Rajeev Pratap
Greenhorn

Joined: Jun 09, 2012
Posts: 4


I am working on an academic project related to web security. I need to create a secure connection between the client(browser) and a server side jsp/servlet. In my sample application I have a simple html form to capture USERNAME and PASSWORD from user and then send these details to serverside jsp/servlet to check that login account exist or not. Now in order to secure the HTML form data I need to encrypt the data at client browser before sending it to server. I don't have to use java script for client side encryption. I have been asked to achieve the secure connection using certificates.

As far as my knowledge in security I need to create some certificate and then send it to client so that client could use it for security related functions.

I am stuck with following queries:

1. How to create the certificates in java(do I need any third party tool, or is there any java API to create certificates).

2. How should I send the certificate to the client when client firstly requests the application from server. Is there something like:

such that when the user requests the server using URL of server then server returns the certificate.

3. how to use the certificate for encryption at client side (is there any html tag such that if we provide the path of certificate stored at client machine to that tag, then that tag automatically encrypts the HTML form data.)

I would be highly thankful for any help on above mentioned queries.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42608
    
  65
Sounds like you are trying to recreate HTTPS from scratch, which I would advise against. It's much better to use a well-established technology than trying to roll your own.


Ping & DNS - my free Android networking tools app
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: creating a secure connection between a browser client and java server side