Hello Lalit, > Can we use SSL feature without providing server or client certificates?
The server will always have to have a certificate installed. It is possible to disable the check of the server certificate on the client. For example, the EasySSLProtocolSocketFactory accepts self-signed certificates: http://svn.apache.org/repos/asf/jakarta/commons/proper/httpclient/trunk/src/contrib/org/apache/commons/httpclient/contrib/ssl/EasySSLProtocolSocketFactory.java This is not a recommended practice, though. If you are deploying a productive application, you should use real certificates and deploy the base certificates required for certificate checking. You could for example ship a truststore as part of the client application deliverable. The client does not need to present a certificate to the server, unless the server is configured to perform certificate based client authentication. It only needs base certificates for verifying the server certificate, unless you disable that check. By the way, we now have a FAQ discussing client authentication: http://wiki.apache.org/jakarta-httpclient/FrequentlyAskedApplicationDesignQuestions It's brand new, otherwise I would have posted the link last week. cheers, Roland --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
