
Murach's Java Servlets/JSP (3rd Ed.), C15 © 2014, Mike Murach & Associates, Inc.

Slide 1

Chapter 15: How to use SSL to work with a secure connection

Slide 2

Objectives

Applied

1. Develop web applications that use secure connections whenever that’s needed.

Knowledge

1. Explain how the use of secure connections secures the data that’s used in an application.

Slide 3

A request made with a secure connection

[Screenshot of a browser request made over a secure connection. Callouts: a lock icon is displayed; the URL starts with https.]

Slide 4

An introduction to SSL

Transport Layer Security (TLS) and Secure Sockets Layer (SSL) are the protocols used by the Internet that allow clients and servers to communicate over a secure connection.

Although there are slight differences between SSL and TLS, the protocol remains substantially the same.

With SSL, the browser encrypts all data that’s sent to the server and decrypts all data that’s received from the server.

With SSL, the server encrypts all data that’s sent to the browser and decrypts all data that’s received from the browser.

SSL is able to determine if data has been tampered with during transit, and verify that a server or a client is who it claims to be.

Slide 5

A digital secure certificate

[Screenshot of a digital secure certificate as shown by the browser.]

Slide 6

Types of digital secure certificates

Certificate          Description
Server certificate   Issued to trusted servers so client computers can connect to them using secure connections.
Client certificate   Issued to trusted clients so server computers can confirm their identity.

Slide 7

How authentication works

Authentication is the process of determining whether a server or client is who and what it claims to be.

When a browser makes an initial attempt to communicate with a server over a secure connection, the server authenticates itself by providing a digital secure certificate.

If the digital secure certificate is registered with the browser, the browser doesn’t display the certificate by default.

The user can typically view the certificate by clicking on the lock icon that’s displayed by the browser.

In rare cases, the server may request that a browser authenticate itself by presenting its own digital secure certificate.

Slide 8

Some certificate authorities that issue digital secure certificates

www.symantec.com/ssl-sem-page
www.godaddy.com/ssl
www.globalsign.com
www.startcom.org
www.comodo.com/

Slide 9

SSL strengths

Strength   Pros and Cons
40-bit     Relatively easy to crack the encryption code.
56-bit     Thousands of times stronger than 40-bit. Still possible to crack.
128-bit    Over a trillion times a trillion times stronger than 40-bit. Extremely difficult to crack. More expensive.
256-bit    Virtually impossible to crack the encryption code. More expensive. Not all browsers support it.

Slide 10

How to get a digital secure certificate

To use SSL, you must first purchase a digital secure certificate from a trusted certificate authority (CA) and install it on your server.

A CA is a company that issues and manages security credentials. To verify information, a CA must check with a registration authority (RA).

Installing a digital secure certificate enables SSL.

SSL strength refers to the length of the generated key that is created during the encryption process. The longer the key, the more difficult it is to crack the encryption code.

The SSL strength that’s used depends on the strength provided by the certificate, the strength supported by the web server, and the strength supported by the browser.

Slide 11

A command prompt after creating a secure certificate for testing

[Screenshot of the command prompt after the keytool command has created the test certificate.]

Slide 12

Tomcat’s server.xml file

The Connector element for an SSL/TLS connection

    <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
    <Connector port="8443"
               protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" maxThreads="150"
               scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="${user.home}/.keystore"
               keystorePass="changeit"/>
    <!-- clientAuth="false": the server does not ask the browser for a client
         certificate (see slide 7). keystoreFile/keystorePass must match the
         keystore created with keytool on slide 13. -->

Slide 13

How to configure SSL/TLS on a local system

1. Use the Command Prompt (Windows) or Terminal (Mac) to create a keystore file.
   - Use the cd command to navigate to the bin directory of your JDK.
   - Run the keytool command and respond to the prompts.
   - Be sure to use “changeit” as the keystore password.
   - Press Enter to use the same password for the key password.

2. Edit the server.xml file in Tomcat’s conf directory.
   - Remove the comments from the Connector element for the SSL connector.
   - Edit its attributes.

3. Restart Tomcat.

Slide 14

SSL/TLS notes

The Java Secure Socket Extension (JSSE) API is a collection of Java classes that enable secure connections within Java programs by implementing a version of the SSL and TLS protocols.

To test SSL connections in a local environment, create a self-signed certificate. To do that, you create a keystore file.

By default, Tomcat’s server.xml file defines the protocol as TLS, not SSL. As a result, newer browsers use TLS, and older browsers use SSL.
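The JSSE classes mentioned above in use, as an added example that is not code from the book: a small client that connects to the local Tomcat SSL connector twice. The first attempt uses the JDK's default trust store, which does not contain the self-signed test certificate, so the handshake fails; that is the programmatic counterpart of the browser's certificate warning on slide 16. The second attempt builds an SSLContext that trusts the certificate in the keystore created on slide 13 (the same file is reused as the trust store, since a key entry's certificate is accepted as a trust anchor), so the handshake succeeds and the certificate is still verified, rather than verification being switched off. It assumes the keystore at ~/.keystore with the password "changeit", Tomcat listening on https://localhost:8443, and a certificate whose name (the "first and last name" keytool prompt) is localhost so that hostname verification passes; the class and method names are the example's own.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.TrustManagerFactory;

/**
 * Added example (not from the book). Assumes ~/.keystore from slide 13,
 * keystore password "changeit", Tomcat on https://localhost:8443 and a
 * certificate issued to "localhost".
 */
public class LocalHttpsCheck {

    /** Builds an SSLContext whose only trust anchors come from the given keystore. */
    public static SSLContext contextTrusting(String keystorePath, String storePass)
            throws Exception {
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(keystorePath)) {
            trust.load(in, storePass.toCharArray());
        }
        // The TrustManager only uses the certificate of the key entry, not the private key.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Performs a GET over the supplied context and returns the HTTP status code. */
    public static int fetchStatus(String url, SSLContext ctx) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) new URL(url).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        // No custom HostnameVerifier: the host in the URL must match the certificate.
        conn.setRequestMethod("GET");
        int status = conn.getResponseCode();
        X509Certificate server = (X509Certificate) conn.getServerCertificates()[0];
        System.out.println("Negotiated " + conn.getCipherSuite()
            + "; server certificate subject: " + server.getSubjectX500Principal().getName());
        conn.disconnect();
        return status;
    }

    public static void main(String[] args) throws Exception {
        String keystore = System.getProperty("user.home") + "/.keystore";
        String url = args.length > 0 ? args[0] : "https://localhost:8443/";

        // 1. JDK default trust store: the self-signed certificate is unknown,
        //    so the handshake is rejected (what the browser shows as a warning page).
        try {
            fetchStatus(url, SSLContext.getDefault());
            System.out.println("Unexpected: the default trust store accepted the certificate");
        } catch (SSLHandshakeException e) {
            System.out.println("Default trust store rejected the certificate: " + e.getMessage());
        }

        // 2. Explicit trust in the test certificate: the handshake succeeds.
        int status = fetchStatus(url, contextTrusting(keystore, "changeit"));
        System.out.println("HTTP status over verified TLS: " + status);
    }
}
```

Compile and run it with the JDK's javac/java while Tomcat is running with the slide 12 connector; if the second attempt also fails with a hostname error, the certificate was created with a name other than localhost.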

Slide 15

The URL you can use to test the local SSL connection

https://localhost:8443

Slide 16

Warning page for the security certificate

[Screenshot of the browser warning page shown for the self-signed test certificate.]

Slide 17

If SSL is set up correctly on the local system

[Screenshot of the browser after the warning has been accepted and the local SSL connection works.]

Slide 18

Common problems configuring the local SSL connection

Problem 1

Problem: Tomcat can’t find the keystore file. It throws a java.io.FileNotFoundException.

Solution: Make sure the .keystore file is located in your home directory. For Windows, this directory is C:\Users\user.name.

Problem 2

Problem: The keystore password and key passwords used to create the keystore file don’t match. Tomcat says, “keystore was tampered with” or “password was incorrect.”

Solution: Delete the old keystore file and create a new keystore file.
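A way to tell the two problems above apart before restarting Tomcat, and to confirm that step 1 of slide 13 produced a usable keystore: the added program below (not code from the book) opens the keystore the same way Tomcat does, first with the keystore password and then the private key with the key password, and reports which step fails. It assumes ~/.keystore and the password "changeit" from the slides; the class name, the Status values and the command-line argument are the example's own.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

/** Added example (not from the book): diagnoses the keystore used by Tomcat's SSL connector. */
public class KeystoreCheck {

    public enum Status {
        OK, MISSING_FILE, BAD_STORE_PASSWORD, BAD_KEY_PASSWORD, NO_KEY_ENTRY, CERT_NOT_VALID, OTHER_ERROR
    }

    public static Status check(String path, String storePass, String keyPass) {
        KeyStore ks;
        try (InputStream in = new FileInputStream(path)) {
            ks = KeyStore.getInstance(KeyStore.getDefaultType());
            ks.load(in, storePass.toCharArray());
        } catch (FileNotFoundException e) {
            return Status.MISSING_FILE;            // Problem 1 on the slide
        } catch (IOException e) {
            // A wrong keystore password surfaces here as IOException
            // "Keystore was tampered with, or password was incorrect".
            return Status.BAD_STORE_PASSWORD;      // Problem 2 on the slide
        } catch (GeneralSecurityException e) {
            return Status.OTHER_ERROR;
        }
        try {
            Enumeration<String> aliases = ks.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (!ks.isKeyEntry(alias)) {
                    continue;                      // trusted-certificate entries carry no private key
                }
                // Tomcat opens the private key with keystorePass unless keyPass is set,
                // which is why slide 13 says to press Enter at the key-password prompt.
                ks.getKey(alias, keyPass.toCharArray());
                X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
                cert.checkValidity();              // self-signed test certs expire too
                System.out.println("alias " + alias + ": "
                    + cert.getSubjectX500Principal().getName()
                    + ", valid until " + cert.getNotAfter());
                return Status.OK;
            }
            return Status.NO_KEY_ENTRY;
        } catch (UnrecoverableKeyException e) {
            return Status.BAD_KEY_PASSWORD;        // Problem 2, key password differs from keystore password
        } catch (CertificateException e) {
            return Status.CERT_NOT_VALID;
        } catch (GeneralSecurityException e) {
            return Status.OTHER_ERROR;
        }
    }

    public static void main(String[] args) {
        String path = System.getProperty("user.home") + File.separator + ".keystore";
        String password = args.length > 0 ? args[0] : "changeit";
        // Same password for both, matching the slide 12 connector, which sets only keystorePass.
        Status status = check(path, password, password);
        System.out.println(path + ": " + status);
        System.exit(status == Status.OK ? 0 : 1);
    }
}
```

MISSING_FILE corresponds to Problem 1 (check the home directory), BAD_STORE_PASSWORD or BAD_KEY_PASSWORD to Problem 2 (recreate the keystore with matching passwords), and CERT_NOT_VALID means the test certificate has expired and must be regenerated with keytool.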

Slide 19

How to request a secure connection…

on the Internet
https://www.murach.com/email/join.jsp

on a local system
https://localhost:8443/ch15email/join.jsp

Notes

To request a secure connection, use an absolute URL that starts with https. If requesting a resource from a local system, specify the port used for secure connections. For Tomcat, that is usually 8443.

Once you establish a secure connection, use relative URLs to continue using the secure connection.

Slide 20

A JSP that uses a secure connection

[Screenshot of the join.jsp page loaded over https. Callout: click the lock icon to view the certificate.]

Slide 21

How to return to a regular connection…

on the Internet
http://www.murach.com/email/join.jsp

on a local system
http://localhost:8080/ch15email/join.jsp

Notes

Once you establish a secure connection, the application continues using that connection as long as you use relative URLs.

To return to a regular HTTP connection after using a secure connection, code an absolute URL that starts with http.
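The absolute-URL convention on slides 19 and 21 relies on every link being coded correctly. As an added example that is not code from the book, the servlet filter below enforces the secure connection on the server side for the pages that need it: a plain-HTTP request for anything under /email/ is answered with a redirect to the same path on the SSL connector, and secure responses get a Strict-Transport-Security header so the browser keeps using https. It assumes the ports from the slides (8080 for HTTP, 8443 for SSL), the /email/ path from slide 19, and a Servlet 3.0 container (Tomcat 7 or later) for the @WebFilter annotation; the class name and the HTTPS_PORT constant are the example's own.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Added example (not from the book): forces https for the pages under /email/.
 * Assumes Tomcat's SSL connector on port 8443 as configured on slide 12.
 */
@WebFilter("/email/*")
public class RequireHttpsFilter implements Filter {

    private static final int HTTPS_PORT = 8443;   // assumption: the slide 12 connector port

    /** Builds the https equivalent of the requested URL, keeping path and query string. */
    public static String secureUrl(HttpServletRequest req) {
        StringBuilder url = new StringBuilder("https://")
            .append(req.getServerName())
            .append(':').append(HTTPS_PORT)
            .append(req.getRequestURI());
        if (req.getQueryString() != null) {
            url.append('?').append(req.getQueryString());
        }
        return url.toString();
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        // isSecure() is true only for requests that arrived on a connector
        // marked secure="true", i.e. the 8443 connector from slide 12.
        if (!req.isSecure()) {
            String method = req.getMethod();
            if ("GET".equals(method) || "HEAD".equals(method)) {
                res.setStatus(HttpServletResponse.SC_MOVED_PERMANENTLY);
                res.setHeader("Location", secureUrl(req));
            } else {
                // Form data sent over http has already left the browser in clear text;
                // a redirect cannot undo that and would turn the POST into a GET, so refuse.
                res.sendError(HttpServletResponse.SC_FORBIDDEN, "This resource requires https");
            }
            return;
        }

        // Ask the browser to use https for this host for the next year.
        res.setHeader("Strict-Transport-Security", "max-age=31536000");
        chain.doFilter(request, response);
    }

    @Override
    public void init(FilterConfig config) throws ServletException {
    }

    @Override
    public void destroy() {
    }
}
```

Tomcat can also do the redirect declaratively: a security-constraint in web.xml with a transport-guarantee of CONFIDENTIAL makes the HTTP connector send the browser to the port named in its redirectPort attribute (8443 in the default server.xml). The filter is useful where the application needs the non-GET handling or the HSTS header as well.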

