Secure Sockets Layer (SSL)



When you configure the Secure Web Service in your Java Web Server, you are configuring the web server to use Secure Sockets Layer (SSL). The combination of HTTP with SSL is called "HTTPS".

SSL is a general-purpose network security protocol. In its normal usage, SSL provides up to four features to your TCP connections:

  1. Server Authentication: Your web server is authenticated to its clients, so that they can tell who you "really" are. Public Key Certificates are used to do this authentication.
  2. Data Encryption: All requests to your web server are encrypted so that client data (such as credit card data) is kept confidential. So are the responses from your web server.
  3. Data Integrity: The data is protected against being tampered with by a third party.
  4. Client Authentication: When appropriate, clients can authenticate themselves to your server using their own Public Key Certificates.

Configuring the Web Server for SSL Client Authentication

Java Web Server can be configured to require Secure Sockets Layer (SSL) client authentication when using the Secure HTTP protocol (HTTPS). This can now be done easily through the Administration Tool. For an explanation of the panel on which client authentication is set, see the Administration Tool: Site Setup online help document.

As before, you can still configure client authentication directly by editing the following file:

properties/server/javawebserver/secureservice/endpoint.properties

so that the ssl.need-clnt-auth flag is set to true rather than false.

Configuring the Web Server for Unauthenticated Service

Most web browsers do not support unauthenticated servers. This is intentional, since unauthenticated connections are open to "person in the middle" attacks. That is, because the server's public key is not authenticated, clients cannot know whether they are really talking to the server they think they are.

To set up your Secure Web Page Service to support unauthenticated servers, do the following:

  1. Select the Secure Web Page service.
  2. Click the "Security" button.
  3. Select the "Ciphers" section.
  4. You will see several ciphers with names starting with SSL_DH_anon; select these flavors.
  5. Click the "Save" button.
  6. If your server supports authenticated operation, you may need to re-enter your passphrase.
  7. You will probably want to enable the HTTPS Service ("Secure Web Page Service") at this time.
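
To review which of the two settings described above a server is running with, the following added example (not part of the original Java Web Server documentation) parses the text of an endpoint.properties file, reports the ssl.need-clnt-auth flag, and lists any value that names an SSL_DH_anon cipher. Assumptions: the key ssl.ciphers and the sample file contents are constructed for illustration, since the page does not say where cipher selections are stored, and a missing flag is treated as false.

```python
import re

CLIENT_AUTH_KEY = "ssl.need-clnt-auth"  # flag named on this page
ANON_PREFIX = "SSL_DH_anon"             # cipher-name prefix named on this page


def parse_properties(text):
    """Parse a common subset of Java .properties syntax: '=', ':' or
    whitespace separators, '#'/'!' comments, backslash continuations."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#!":
            continue
        if (len(line) - len(line.rstrip("\\"))) % 2 == 1:
            pending = line[:-1]          # odd trailing backslash: continue
            continue
        m = re.match(r"((?:\\.|[^\s=:\\])+)\s*[=:]?\s*(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props


def audit_endpoint(text):
    """Report the client-auth flag and any anonymous suites in the file."""
    props = parse_properties(text)
    # Assumption: a missing flag is treated the same as 'false'.
    need_auth = props.get(CLIENT_AUTH_KEY, "false").lower() == "true"
    anon = sorted({tok for value in props.values()
                   for tok in re.split(r"[,\s]+", value)
                   if tok.startswith(ANON_PREFIX)})
    return {"client_auth_required": need_auth, "anonymous_suites": anon}


# Constructed sample; 'ssl.ciphers' is a hypothetical key, since the page
# does not say where cipher selections are stored.
SAMPLE = """\
# secure endpoint (constructed example)
ssl.need-clnt-auth = false
ssl.ciphers = SSL_RSA_WITH_RC4_128_MD5, \\
    SSL_DH_anon_WITH_RC4_128_MD5, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA

"""

if __name__ == "__main__":
    print(audit_endpoint(SAMPLE))
```

A non-empty anonymous_suites list means the service will accept connections in which the server's key is never authenticated, which is the case the section above describes as open to "person in the middle" attacks.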


java-server-feedback@java.sun.com
Copyright © 1999 Sun Microsystems, Inc.
All Rights Reserved.