SSL

Encryption is the process of rendering a sequence of data unreadable. Typically this process utilizes one or more data strings known as keys. Public key encryption is a method of scrambling data using one key, key A, in such a way that it can later be unscrambled, but only with the use of a second key, key B. Data encrypted using key A is decryptable with key B. Data encrypted with key B is decryptable only with key A.

One of the keys is handed out freely to the general public (the "public key") and the other is kept a closely guarded secret (the "private key"). Those who wish to communicate with you securely obtain your public key and use it to encrypt messages. Upon receipt of the encrypted message, you use your private key to decrypt the message and perhaps compose a response.

Certificates

Certificates are the way you inform the Web-browsing public that you are who you say you are. A certificate is nothing more than a public/private key pair obtained from some trusted source. Because a key pair is nothing more than a long sequence of numbers, it is possible to construct a functioning key for yourself without much difficulty. However, unless you are using a commercially signed certificate, most client browsers will display some kind of warning message to their users when they begin SSL communication.

You use the private key provided by the certificate authority to encrypt some data. When a client requests a secure connection, you respond with the following items:

  • Your server certificate signed by some recognized certificate authority

  • Some plain-text identification message for use in calculation

The client uses the public key of the certificate authority to decrypt the message which you transmitted. The decrypted message contains your public key. Next, you send the client a message which you have encrypted using your private key. The message contains some data encrypted using your public key. Using your trusted public key that it obtained in the first step, the client decrypts the message you just sent. It encrypts the plain-text message and compares the result with the contents of the second message. If they match, the client will conclude you are who you say you are, and business can commence.
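The two-way property stated above (what one key of the pair scrambles, only the other unscrambles) and the decrypt-then-compare check the client performs, as an added example in textbook RSA. This is not code from the book or from WebLogic: the primes, exponent and messages are tiny constructed values, and there is no padding, so it illustrates the key property only.

```python
# Added example (not from the book): textbook RSA with tiny constructed
# primes, illustrating that what one key of the pair encrypts, only the
# other key decrypts. Demo-sized numbers, no padding.

from math import gcd

# Constructed toy primes; real keys use primes hundreds of digits long.
P, Q = 61, 53


def make_keypair(p=P, q=Q, e=17):
    """Return (public, private) keys, each as an (exponent, modulus) tuple."""
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "public exponent must be coprime to phi"
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)


def apply_key(key, value):
    """Raise value to the key's exponent modulo n: encrypt or decrypt."""
    exponent, n = key
    assert 0 <= value < n, "value must be smaller than the modulus"
    return pow(value, exponent, n)


def client_verifies_server(public_key, server_private_key, challenge):
    """Mirror the exchange above: the server scrambles a plain-text
    challenge with its private key; the client reverses it with the
    server's public key and compares the result with the plain text."""
    signed = apply_key(server_private_key, challenge)  # sent by the server
    recovered = apply_key(public_key, signed)          # computed by the client
    return recovered == challenge


def demo():
    """Exercise both directions of the key pair; every value should be True."""
    public, private = make_keypair()
    msg = 2019  # constructed plain-text value, must be below n = 3233
    c1 = apply_key(public, msg)   # encrypt with A (public)
    c2 = apply_key(private, msg)  # encrypt with B (private)
    return {
        "public_then_private": apply_key(private, c1) == msg,
        "private_then_public": apply_key(public, c2) == msg,
        "same_key_twice_fails": apply_key(public, c1) != msg,
        "client_verifies": client_verifies_server(public, private, 1234),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```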

Commercial certificates can be purchased from

http://www.verisign.com

http://www.thawte.com

Once they have been purchased and installed in the directory tree, you are ready to begin configuring SSL.

Configuring SSL

In 6.x, the SSL configuration pane is accessed by clicking on the particular server for which you wish to perform configuration, then clicking on the SSL tab. In 7.x, the SSL tab is found under the connections tab. (See Figure 11-1.)

Figure 11-1. Server 7.x SSL Tab

Either way, there are four fields of interest:

Listen Port

The port that the server is to monitor for SSL communication

Server Key File Name

The location of the private SSL key in the directory tree

Server Certificate File Name

The location of the public certificate in the directory tree

By default, the server does not require clients to have certificates of their own. However, you can override this and deny communication to any client that lacks a valid certificate. To do so, check the "Client Certificate Enforced" box in the SSL tab.



BEA WebLogic Server Administration Kit (Prentice Hall PTR Advanced Web Development)
ISBN: 0130463868
Year: 2002
Pages: 134
Authors: Scott Hawkins
