
Chapter 13 How to use SSL to work with a secure connection

Java Servlets and JSP CH13 © 2003, Mike Murach & Associates, Inc.

Slide 1

Objectives

Applied

• Develop web applications that use secure connections whenever that’s needed.

Knowledge

• In general terms, explain how the use of secure connections secures the data that’s used in an application.

• In terms of your Java servlets and the server.xml file, describe what you have to do to implement the use of secure connections.


Slide 2

A request made with a secure connection

• The URL starts with https

• A lock icon is displayed

Slide 3

How SSL works

Secure Sockets Layer, or SSL, is the protocol used by the World Wide Web that allows clients and servers to communicate over a secure connection. With SSL, both the client and the server encrypt all data that’s sent and decrypt all data that’s received. SSL is also able to determine whether data has been tampered with in transit.

How TLS works

Transport Layer Security, or TLS, is the protocol that’s the successor to SSL. Only newer browsers support TLS. If a server implements TLS, the newer browsers will use TLS, but the older browsers will use SSL.

Slide 4

How authentication works

Authentication is the process of determining whether a server or client is who and what it claims to be. When a browser makes an initial attempt to communicate with a server over a secure connection that uses SSL, the server authenticates itself by providing a digital secure certificate. In some instances, the server may also request that your browser authenticate itself by presenting its own digital secure certificate.

Slide 5

Types of SSL authentication

Authentication               Description
SSL server authentication    Allows a client to confirm a server’s identity by checking a digital secure certificate that’s installed on the server.
SSL client authentication    Allows a server to confirm a client’s identity by checking a digital secure certificate that’s installed on the client.

Slide 6

A digital secure certificate


Slide 7

Common certificate authorities that issue digital secure certificates

www.verisign.com

www.geotrust.com

www.entrust.com

www.equifaxsecure.com


Slide 8

SSL strength

SSL strength refers to the length of the key that’s generated during the encryption process. The longer the key, the more difficult it is to break the encryption.

The pros and cons of SSL strengths

Strength   Pros and cons
40-bit     It’s less expensive, but it’s easier to break the encryption.
128-bit    It’s trillions of times stronger than 40-bit, but it’s more expensive.

Slide 9

How to obtain a digital secure certificate

• To use SSL in your web applications, you must first purchase a digital secure certificate from a trusted certificate authority, or CA. Once you obtain the certificate, you send it to the people who host your web site so they can install it on the server.

• A CA is a company that issues and manages security credentials. To verify information provided by the requestor of the secure certificate, a CA must check with a registration authority, or RA. Once the RA verifies the requestor’s information, the CA can issue a digital secure certificate.

• Since SSL is built into all major browsers and web servers, installing a digital secure certificate enables SSL.

Slide 10

How to configure a local testing environment for SSL

1. Make sure the JSSE API is installed.

2. Create a self-signed digital secure certificate as shown in the next figure.

3. Open the server.xml file that’s in Tomcat’s conf directory and remove the comments from the Connector element that defines an SSL connector on port 8443 as shown in the next figure.

4. Restart Tomcat.

Slide 11

How JSSE works

• The Java Secure Socket Extension API, or JSSE, is a collection of Java classes that enable secure connections within Java programs by implementing a version of the SSL and TLS protocols.

• If you want to use a secure connection with your servlets and JSPs, you must have the JSSE API installed on the server.

• If you’re using a commercial web server that supports servlet and JSP development, the JSSE API should already be installed.

• If you’re working in a local testing environment and you’re using version 1.3.1 of the SDK or earlier, you may need to install the JSSE API. However, this API is included with version 1.4 of the SDK and later.

Slide 12

How to install JSSE

• To install the JSSE API, you can copy the jsse.jar file that’s included on the CD that comes with Murach’s Java Servlets and JSP from the JavaExtension directory to the SDK’s jre\lib\ext directory.

Slide 13

How to create a secure certificate for testing purposes


Slide 14

How to define an SSL connection in Tomcat’s server.xml file


Slide 15

How to configure SSL on a local system

• To test SSL connections in a local environment, you can create a self-signed certificate.

• To create a self-signed certificate, you must create a keystore file. When you create a keystore file, you must use “changeit” as the keystore password, and you should press Enter to use the same password for the key password.

• The keystore file is named .keystore and it’s stored in your operating system’s home directory.

• To define an SSL connection, you can open the server.xml file that’s stored in Tomcat’s conf directory. Then, you can remove the comments from the Connector element as shown above.

Slide 16

How to determine if SSL is set up correctly in the testing environment


Slide 17

The URL you can enter to test the local SSL connection

https://localhost:8443/index.html

Slide 18
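Besides the browser test, the same check can be made from a Java program, which is what slide 12 means by JSSE enabling secure connections "within Java programs". The following is an added example, not code from the book or from Tomcat: a JSSE client that opens the test URL and prints the certificate the server presented during server authentication. It assumes the keystore was created as described on slide 16 (.keystore in the home directory, password changeit, store type JKS) and that localhost was entered as the certificate's common name; both are assumptions, not statements from the slides.

```java
// Added example (not from the book): a JSSE client that opens the chapter's test URL
// and reports which certificate the server presented. It trusts only the self-signed
// certificate in the local .keystore instead of switching certificate checks off.
import java.io.File;
import java.io.FileInputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class LocalSslCheck {

    public static void main(String[] args) throws Exception {
        // Assumed: the keystore keytool wrote with the chapter's "changeit" password.
        String keystorePath = System.getProperty("user.home") + File.separator + ".keystore";
        SSLContext context = contextTrusting(keystorePath, "changeit".toCharArray());

        URL url = new URL("https://localhost:8443/index.html");
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(context.getSocketFactory());
        // Hostname verification stays on: the self-signed certificate must have been
        // generated with "localhost" as its common name (keytool's "first and last
        // name" prompt), otherwise the handshake is rejected, which is the safe result.
        conn.connect();

        // Server authentication from slide 5: the server proved its identity with this
        // certificate, and the client can now inspect it (what the lock icon shows).
        Certificate[] chain = conn.getServerCertificates();
        X509Certificate leaf = (X509Certificate) chain[0];
        System.out.println("HTTP status : " + conn.getResponseCode());
        System.out.println("Subject     : " + leaf.getSubjectX500Principal());
        System.out.println("Issuer      : " + leaf.getIssuerX500Principal());
        System.out.println("Valid until : " + leaf.getNotAfter());
        conn.disconnect();
    }

    // Build an SSLContext whose trust store is the keystore keytool created. The
    // self-signed entry's certificate is its own issuer, so loading that keystore as
    // the trust store makes JSSE accept the local test server and nothing else.
    static SSLContext contextTrusting(String keystorePath, char[] password) throws Exception {
        KeyStore trust = KeyStore.getInstance("JKS");
        FileInputStream in = new FileInputStream(keystorePath);
        try {
            trust.load(in, password);
        } finally {
            in.close();
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);
        return context;
    }
}
```

Run it after Tomcat has been restarted with the SSL connector enabled. A wrong keystore password fails at the load, before any connection is made; a certificate whose common name is not localhost fails in the handshake with a hostname mismatch. Either failure is the correct outcome for a client that trusts only the certificate in .keystore, rather than accepting any certificate the way the browser dialog on slides 21 and 22 lets a user do.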

Common problems when configuring the local SSL connection

Problem 1
Java can’t find the jsse.jar file. This will cause a java.security.NoSuchAlgorithmException to be thrown.

Problem 2
Tomcat can’t find the keystore file. When you start Tomcat, it will throw a java.io.FileNotFoundException.

Problem 3
The keystore password and key password that you used to create the keystore file don’t match. When you start Tomcat, it will display a java.io.FileNotFoundException that says, “keystore was tampered with” or “password was incorrect.”

Slide 19
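Problems 2 and 3 can be told apart without starting Tomcat. The following is an added example, not code from the book: it opens the keystore the way Tomcat's SSL connector does, with the keystore password used for both the store and the private key, and reports which step fails. It assumes the defaults from slide 16 (.keystore in the home directory, password changeit, store type JKS) and that the key entry was created under the alias tomcat, which the slides do not state.

```java
// Added example (not from the book): diagnoses the self-signed keystore described in
// the chapter, reproducing the failures listed as Problem 2 and Problem 3.
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;

public class KeystoreCheck {

    // Chapter conventions: the file keytool creates and the password Tomcat expects
    // unless server.xml says otherwise.
    static final String DEFAULT_PATH =
        System.getProperty("user.home") + File.separator + ".keystore";
    static final char[] PASSWORD = "changeit".toCharArray();
    // Assumed alias: "tomcat" is what Tomcat's own setup notes use with keytool -genkey.
    static final String ALIAS = "tomcat";

    public static void main(String[] args) {
        String path = args.length > 0 ? args[0] : DEFAULT_PATH;
        System.out.println(check(path, PASSWORD, ALIAS));
    }

    // Returns a one-line diagnosis so the same method can be called from a test.
    static String check(String path, char[] password, String alias) {
        File file = new File(path);
        if (!file.isFile()) {
            // Problem 2: Tomcat would throw java.io.FileNotFoundException at startup.
            return "MISSING: no keystore at " + path;
        }
        FileInputStream in = null;
        try {
            in = new FileInputStream(file);
            KeyStore ks = KeyStore.getInstance("JKS");
            // A wrong keystore password surfaces here as an IOException whose message
            // reads "Keystore was tampered with, or password was incorrect".
            ks.load(in, password);
            if (!ks.containsAlias(alias)) {
                return "NO-ALIAS: keystore loaded but has no entry named " + alias;
            }
            // Problem 3: a key password that differs from the keystore password fails
            // here with UnrecoverableKeyException, because Tomcat reads the private
            // key with the same password it used to open the keystore.
            Key key = ks.getKey(alias, password);
            if (key == null) {
                return "NO-KEY: entry " + alias + " is not a private-key entry";
            }
            return "OK: private key for " + alias + " is readable with the keystore password";
        } catch (IOException e) {
            return "BAD-PASSWORD-OR-CORRUPT: " + e.getMessage();
        } catch (GeneralSecurityException e) {
            return "KEY-PASSWORD-MISMATCH: " + e.getMessage();
        } finally {
            if (in != null) {
                try { in.close(); } catch (IOException ignored) { }
            }
        }
    }
}
```

If the result is KEY-PASSWORD-MISMATCH, the fix is the one the slides give: recreate the keystore and press Enter at the key-password prompt so both passwords are changeit. Problem 1 is outside this check; a missing jsse.jar shows up as the NoSuchAlgorithmException named above as soon as any SSL class is loaded.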

A URL that requests a secure connection over the Internet

https://www.murach.com/murach/email13/join_email_list.jsp

A URL that requests a secure connection from a local system

https://localhost:8443/murach/email13/join_email_list.jsp


Slide 20

A dialog box that may be displayed for secure connections

[Figure: the dialog box, with the requested resource called out]

Slide 21

Another dialog box that may be displayed for secure connections


Slide 22

How to request a secure connection

• To request a secure connection, you use an absolute URL that starts with https. If you’re requesting a resource from a local system, you also need to specify the port that’s used for secure connections. For Tomcat, that port is usually 8443.

• Once you establish a secure connection, you can use relative URLs to continue using the secure connection.

Slide 23
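Relying on every link to carry the right absolute https URL is fragile, so the server side can enforce the rule too. Here is an added example, not code from the book, of a servlet filter that sends any request arriving over the plain connector to the same resource on the secure connector. It uses the javax.servlet 2.3 API that Tomcat 4 and 5 implement and assumes the local port pair from this chapter (8080 for plain HTTP, 8443 for SSL); the init-parameter names httpPort and httpsPort are made up for this example. Map it in web.xml to the pages that carry sensitive data, such as join_email_list.jsp.

```java
// Added example (not from the book): a filter that forces the pages it is mapped to
// onto a secure connection, using only the javax.servlet 2.3 API.
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class RequireSslFilter implements Filter {

    // Port pair for the local testing environment in this chapter: plain HTTP on
    // 8080, SSL on 8443. Production servers normally use 80 and 443.
    private int httpPort = 8080;
    private int httpsPort = 8443;

    public void init(FilterConfig config) throws ServletException {
        // Optional init-params (names made up for this example) let a deployer
        // override the port pair without recompiling.
        String p = config.getInitParameter("httpPort");
        if (p != null) httpPort = Integer.parseInt(p);
        p = config.getInitParameter("httpsPort");
        if (p != null) httpsPort = Integer.parseInt(p);
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // isSecure() is true only when the request arrived over the SSL connector,
        // so a request that already uses https passes straight through.
        if (request.isSecure()) {
            chain.doFilter(req, res);
            return;
        }

        // Otherwise answer with a redirect to the absolute https URL, which is the
        // way the chapter says a secure connection is requested.
        response.sendRedirect(secureUrlFor(request));
    }

    // Map a plain request onto the matching https URL, keeping path and query string.
    // Package-private so it can be exercised without a container.
    String secureUrlFor(HttpServletRequest request) {
        StringBuffer url = new StringBuffer("https://");
        url.append(request.getServerName());
        int port = request.getServerPort();
        if (port == httpPort) {
            port = httpsPort;          // 8080 -> 8443 on the local system
        } else if (port == 80) {
            port = 443;                // default ports on a production server
        }
        if (port != 443) {
            url.append(':').append(port);   // only a non-default port needs spelling out
        }
        url.append(request.getRequestURI());
        String query = request.getQueryString();
        if (query != null) {
            url.append('?').append(query);
        }
        return url.toString();
    }

    public void destroy() { }
}
```

Once the browser has followed the redirect, relative URLs in the page's links and form actions keep it on the secure connection, as the slide above says; returning to a regular connection, as on the next slide, takes an absolute http URL. Because a redirect discards a POST body, map the filter to the page that displays the form and not only to the servlet that receives it.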

A JSP that uses a secure connection

• Double-click the lock icon to view the certificate

Slide 24

A URL that returns to a regular connection over the Internet

http://www.murach.com/murach/index.htm

A URL that returns to a regular connection from a local system

http://localhost:8080/murach/email13/join_email_list.jsp

Slide 25