Brian,

To implement strong security with public/private key pairs and certificate
authentication, you might benefit by investigating the PKIX standard (see the
IETF web site, or the VeriSign web site). Solutions are provided by such
companies as Baltimore Technologies, Entegrity Solutions, Celo Communications,
and SSE (www.sse.ie).

These products basically install a client-side proxy and a server-side proxy
(between browser and web server) to implement bi-lateral authentication
using certificates and public/private key pairs. A third component
of the system requires a certification authority (CA). In some cases this
system may be purchased from the vendor, or it may be provided
at no additional cost from the vendor. Depending upon the size of
the client group, the CA may be small or large. The CA creates
certificates for each client on your network, as well as storing them
so that other clients may look up the recipient's cert before sending
a message.

-- Pat

Brian Silberbauer wrote:

> Hi all
>
> I am developing a site for a group of clients who will be connecting to
> our site via SSL for security reasons. I have decided to use client
> authentication instead of manual login for added security and will allow
> the client to add users to the system via an admin certificate, i.e. all
> clients are issued with admin certs which in turn are used to generate
> user certs. I just need a bit of clarity on some issues and some help
> with others.
>
> The way I understand it:
>
> The web server has one public and private key from which you can create
> certificates.
> The browser has one public and private key from which you can generate
> certificates.
> If I create a web server certificate, the client needs to insert a root
> certificate into his browser, for it to recognize the site.
>
> How do I:
>
> create the certificate
> generate the root certificate
>
> I know there are some sun. classes for handling some of this (there is
> an example that comes with JWS2.0) and that jdk2.0 has some certificate
> handling functions. The real problem is inserting the certificates into
> the web server and the browser and inserting the CA root certificate
> (which I will be generating).
>
> Any info will be much appreciated!
>
> brian
>
> ___________________________________________________________________________
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources: http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
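
The hierarchy discussed in this thread (a root certificate, per-client admin certificates that issue user certificates), worked through with the OpenSSL command line as an added example that is not part of either message. It assumes OpenSSL 1.1.0 or later on the PATH; every subject name, file name and section name is constructed. The admin certificate is marked as a CA that may issue only end-user certificates, and a certificate signed by a user certificate is shown failing verification.

```shell
# Added example; all subject names and file names are constructed.
set -e
# issue DIR NAME SUBJECT EXT_SECTION [ISSUER]; no ISSUER means a self-signed root.
issue() {
  dir=$1 name=$2 subj=$3 ext=$4 issuer=${5:-}
  if [ -z "$issuer" ]; then
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "$subj" \
      -config "$dir/pki.cnf" -extensions "$ext" \
      -keyout "$dir/$name.key" -out "$dir/$name.pem" 2>/dev/null
  else
    openssl req -new -newkey rsa:2048 -nodes -subj "$subj" -config "$dir/pki.cnf" \
      -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null
    openssl x509 -req -in "$dir/$name.csr" -days 30 \
      -CA "$dir/$issuer.pem" -CAkey "$dir/$issuer.key" -CAcreateserial \
      -extfile "$dir/pki.cnf" -extensions "$ext" -out "$dir/$name.pem" 2>/dev/null
  fi
}
build_pki() {
  cat > "$1/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
commonName = Common Name
[root_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[admin_ca]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign
[user]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = clientAuth
EOF
  issue "$1" root  "/CN=Example Site Root CA" root_ca
  issue "$1" admin "/CN=Client A Admin CA" admin_ca root  # pathlen:0: users only, no sub-CAs
  issue "$1" user  "/CN=alice" user admin                 # end-entity client certificate
  issue "$1" rogue "/CN=mallory" user user                # signed by a non-CA user cert
}
# chain_ok DIR LEAF INTERMEDIATE...: succeeds only if LEAF verifies up to DIR/root.pem
chain_ok() {
  dir=$1 leaf=$2; shift 2
  ( cd "$dir" && cat "$@" ) > "$dir/untrusted.pem"
  openssl verify -CAfile "$dir/root.pem" -untrusted "$dir/untrusted.pem" \
    "$dir/$leaf" 2>/dev/null | grep -q ': OK$'
}
PKI_DIR=$(mktemp -d); build_pki "$PKI_DIR"
chain_ok "$PKI_DIR" user.pem admin.pem && echo "user cert accepted"
chain_ok "$PKI_DIR" rogue.pem admin.pem user.pem || echo "cert signed by a user cert rejected"
```

Only `root.pem` needs to be installed as a trusted root on the server side; the admin certificates travel as intermediates, and the private keys never leave the machine that generated them.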