I have made my Tomcat secure, i.e. it now runs on https://localhost. But I can download my contents without authenticating whether my client is the right person or not. I don't want this. The whole concept of SSL goes for a toss. I believe, put the client authentication certificate in the cacert file, right? I also have a doubt whether a certificate is needed also for the client, and if yes, where should we keep this?
It sounds like you are confusing encryption with 'certificate authentication'. With encryption you only need a single certificate on the server and nothing on the browser.
dhanya s pillai s
Thanks, David, for answering my question.
Yes, you are right, I have some doubts. Let me explain my problem.
When I tried to download files from the secure server it gave me an SSL handshake exception.
Now when I try to access the secure server it works fine. All the requests and responses are also handled well.
What I believe (it's my assumption, correct me if I am wrong) is that we would require 2 certificates: one the server has, one the client should have, which is kept at the client side. I tried to keep this in the cacert file in the security folder.
The reason is I am using Tomcat for testing purposes. But when I go to VeriSign certified sign, this code may fail.
The encryption is initiated by the server and the server's certificate is used to negotiate a secure connection with the client. While you are right that there is information that needs to be shared by the client and server, this isn't 'held' on the client, it is created for the current SSL conversation during the handshake.
I have simplified a bit, but hopefully I'm still correct.
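The distinction drawn in the replies above, shown as an added configuration example that is not part of the original thread: the same Tomcat HTTPS connector configured for encryption only and for certificate authentication of the client. It assumes the Tomcat 6/7-era JSSE connector attributes; the file paths and passwords are placeholders.

```xml
<!-- Added example, not from the thread. Attribute names assume the
     Tomcat 6/7 JSSE connector; paths and passwords are placeholders.
     The two connectors are alternatives: configure one or the other. -->

<!-- Encryption only: the server presents its certificate from the keystore
     and any client may connect. Nothing is installed on the client unless
     the server certificate is self-signed and has to be trusted manually. -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           scheme="https" secure="true" sslProtocol="TLS"
           keystoreFile="conf/server-keystore.jks"
           keystorePass="CHANGE_ME"
           clientAuth="false" />

<!-- Certificate authentication: the handshake fails unless the client
     presents a certificate that chains to an entry in the truststore.
     The client keeps its own private key and certificate in its own
     keystore; the server truststore holds only the issuing CA (or the
     individual client certificates) that it is willing to accept. -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           scheme="https" secure="true" sslProtocol="TLS"
           keystoreFile="conf/server-keystore.jks"
           keystorePass="CHANGE_ME"
           clientAuth="true"
           truststoreFile="conf/client-truststore.jks"
           truststorePass="CHANGE_ME" />
```

With `clientAuth="false"` the connection is encrypted but the server learns nothing about who the client is, which matches the behaviour described in the first post.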