TLS
In order to provide Transport Layer Security (TLS), same as for its predecessor Secure Sockets Layer (SSL), it is not compulsory to use a digital certificate issued by one of the well-known (trusted) certification authorities (CA), in case when authentication of the server is not of a particular interest. The so-called self-signed certificate (i.e. an identity certificate signed by the same entity whose identity it should certify) is able to ensure that the connection is secure.
1) Generate self-signed certificate, depending on the particular server environment (e.g. using keytool).
2) Configure the server to serve the requests over HTTPS.
3) Inform the client about the need to whitelist the self-signed certificate.
Ensure secure data transmission over HTTPS in the absence of officially issued digital certificate
The transmission of (sensitive) data between server and client should be secured, in particular against eavesdropping and man-in-the-middle attack. The client accesses data (which is stored on the server) over HTTP through specific web interface. Hence, the client-server communication should be adapted to HTTP over TLS/SSL (i.e. HTTPS). There is no possibility to receive an officially issued digital certificate from one of the well-known certification authorities (CA). The solution should be simple, and the implementation may not take longer than ca. 2 hours.
Taggings:
prepare an application server to handle secure connections
<p>In a web application users can collect information on their (or their company's) assets and plan future actions.</p><p>This information is of great value, so the user wants to keep it safe.</p><p>One basic task for a trustworthy service provider is, to let the user know if the connection is established indeed between the two.</p><p>In web applications this is usually accomplished by using a secure connection during user authentication.</p><p>So, an application server should be able to provide such secure connections.</p><p>For this task a SSL/TLS certificate is required. too bad, that there is none for this machine yet.</p>
SSL certificate on Microsoft IIS Server not working
While trying to establish a secure SSL connection for a webservice i encountered the problem that IIS did load the certificate but when trying to access the service with some other program the SSL connection timed out. Though IIS did somehow indicate that this URL needed a SSL connection (in comparison: if i tried to connect by some other port than 443 with an SSL request i didn't get a timeout), i can't figure out the problem, cause i can view the certificate in windows regulary and assume it is correct. I used several tools and methods to create the certificate but all ways failed.
Taggings:
