On 30.1.2012 12:44, Geet Chandra wrote:
1. By "*.keystore", do you mean keystore or truststore? Do you understand
the difference between them?
- Could you please explain the difference?

Google is your friend:


http://stackoverflow.com/questions/318441/truststore-and-keystore-definitions


2. Is your customer aware that there is no essential difference in terms of
security between JSSE and OpenSSL security implementations?

- They may not be, but I shall get confirmation from them.

OK, do that. Then inform us whether they are still insisting on not using JSSE.


3. Do you plan to use client authentication via HTTPS or not? You are
mentioning truststoreFile later.
- Yes, the customer wants to use client authentication.

How did your customer generate client certificates? Do you have those certificates? You will need them in order to add them to truststoreFile/SSLCACertificatePath.


4. Is your server certificate self signed or signed by trusted CA? If you
don't use client authentication using HTTPS, and your server is signed by
trusted CA, perhaps there is no need to ship certificate with your
application.
- It is self signed.

If you need non-interactive server authentication, you will most probably need to export the server certificate and distribute it with your application, or make it available for download to the clients.

The server certificate may be inside a truststore or a .crt file. The client technology should dictate that.

-Ognjen
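
The non-interactive server authentication described in the message above, sketched for a Java (JSSE) client; this is an added example, not code from the thread. The class name `PinnedServerCert`, the alias `server` and the command-line arguments are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class PinnedServerCert {
    // Build an SSLContext whose only trust anchor is the exported server certificate.
    static SSLContext contextTrusting(X509Certificate cert) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);                    // empty in-memory truststore
        trustStore.setCertificateEntry("server", cert); // public certificate only, never the private key
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);   // null key managers: no client certificate is offered
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: exported server certificate (.crt, PEM or DER); args[1], args[2]: optional host and port
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        // Print the fingerprint so it can be compared out of band with the server operator's copy.
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        System.out.println("Subject: " + cert.getSubjectX500Principal().getName());
        System.out.println("SHA-256: " + String.format("%064x", new BigInteger(1, digest)));

        SSLContext ctx = contextTrusting(cert);
        if (args.length == 3) {
            try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(args[1], Integer.parseInt(args[2]))) {
                SSLParameters p = s.getSSLParameters();
                p.setEndpointIdentificationAlgorithm("HTTPS"); // also check the host name against the certificate
                s.setSSLParameters(p);
                s.startHandshake(); // throws if the server's chain does not validate against the trusted certificate
                System.out.println("Handshake OK with " + args[1]);
            }
        }
    }
}
```

Only the certificate is shipped to clients; the server's keystore, which holds the private key, stays on the server.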
