Is the ssl provided by the keytool, JSSE enough for secure transactions over the internet for a SOAP application.
1 posts in topic
Flat View  Flat View
Older Post First |   Reply to Topic
TOPIC ACTIONS:
 

Posted By:   Ashwin_Chathuruthy
Posted On:   Tuesday, August 13, 2002 08:19 AM

We are creating an application using webservices. A java application at a client location accesses our Web service. And there is lot of data transfer. We want the transfer to be highly secure. Using Keytool, I was able to create two certificates and make them trust each other. And the application works. Is this security enough. I contacted Verisign for details and the person had not heard of certificates thats being used for Webservices. 1) Is the security offered by JSSE enough 2) Do I have to buy two certificates? One for the client (Java application) and one for the server. I had to create two certificates (self signed certificates). 3) Can I use the Keytool to make the two certificates from Verisign to trust each other. Is it the same wa   More>>

We are creating an application using webservices. A java application at a client location accesses our Web service. And there is lot of data transfer. We want the transfer to be highly secure. Using Keytool, I was able to create two certificates and make them trust each other. And the application works. Is this security enough. I contacted Verisign for details and the person had not heard of certificates thats being used for Webservices.
1) Is the security offered by JSSE enough
2) Do I have to buy two certificates? One for the client (Java application) and one for the server. I had to create two certificates (self signed certificates).
3) Can I use the Keytool to make the two certificates from Verisign to trust each other. Is it the same way as its being done for self signed certificates. If not How can I do it?

   <<Less
Report | Quote This | Send private message | Reply | Print

Re: Is the ssl provided by the keytool, JSSE enough for secure transactions over the internet for a SOAP application.

Posted By:   Zac_Jacobson  
Posted On:   Tuesday, August 13, 2002 11:59 AM

The JSSE provides SSL functionality. If SSL is the level of security you need, then the JSSE will fulfill this need.

You only have to buy certs if you expect other people to trust you. Since you got the certs from a trustworthy source, you too are who you say you are.

You can use the keytool to add your purchased certs to your Java keystores which your applications can use to decide if they trust each other. You can't use the keytool to change the certs. There is no difference between a Verisign cert and a self-signed cert, except that Verisign signed theirs, and you signed yours. People trust Versign, but not you.

Report | Quote This | Send private message | Reply | Print
About | Sitemap | Contact