SlideShare a Scribd company logo

Implementation of ssl injava

Download as PPT, PDF
T
tanujagrawal

Tomcat is a web container, not a web server. It uses the HTTPConnector to act as a web server and handle HTTP requests. To enable SSL/HTTPS in Tomcat, one must: 1. Generate a self-signed certificate using keytool to create a keystore file for secure connections. 2. Configure the server.xml file to enable the SSL connector and specify the keystore file location. 3. Add a security constraint to the application's web.xml file to specify "CONFIDENTIAL" transport guarantee and require HTTPS for resources. SSL can also be enabled on PHP applications running on XAMPP without additional configuration since XAMPP already includes OpenSSL support. HTTPS requests

Technology
1 of 14
Downloaded 29 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
Introduction Name – Tanuj Agrawal Class – IT-I VI Sem Topic – Implementation Of SSL In Java (Tomcat) And In PHP
Web Server And Web Container Web Server is the application that understand the HTTP request only (it does not process the request) and give the request to the appropriate container for processing. Web Container-Web Container is the actual one that processes the request and generate the response. Types of containers A-Context (Application) B-Engine (Service) C-Host (Virtual Host) D-Cluster (Set of Application) There can be multiple containers within the single server.
What is Tomcat Tomcat is not a web server it is a package which contains web server and web container. Actually when we install the Tomcat application named as HtttpConnector is installed with it which works as the Web Server. Tomcat uses the Apache Portable Runtime (APR) it provides some functionality. A-Advanced i/O functionality B-Support for OpenSSL C-OS level functionality It includes three connectors A-HTTP B-HTTPS C-AJP (Apache Java Protocol) Tomcat uses the JSSE configuration and uses the open SSL style configuration.
What is SSL (Secure Socket Layer) SSL, or Secure Socket Layer, is a technology which allows web browsers and web servers to communicate over a secured connection. This means that the data being sent is encrypted by one side, transmitted, then decrypted by the other side before processing. This is a two-way process, meaning that both the server AND the browser encrypt all traffic before sending out data.
Another important aspect of the SSL protocol is Authentication. This means that during your initial attempt to communicate with a web server over a secure connection, that server will present your web browser with a set of credentials, in the form of a "Certificate", as proof the site is who and what it claims to be. In certain cases, the server may also request a Certificate from your web browser, asking for proof that you are who you claim to be. This is known as "Client Authentication," although in practice this is used more for business-to-business (B2B) transactions than with individual users. Most SSL-enabled web servers do not request Client Authentication.
What is certificate ? In order to implement SSL, a web server must have an associated Certificate for each external interface (IP address) that accepts secure connections. The theory behind this design is that a server should provide some kind of reasonable assurance that its owner is who you think it is, particularly before receiving any sensitive information For sites involved in e-commerce, or any other business transaction in which authentication of identity is important, a Certificate is typically purchased from a well-known Certificate Authority (CA) such as VeriSign or Thawte. Such certificates can be electronically verified -- in effect, the Certificate Authority will vouch for the authenticity of the certificates that it grants, so you can believe that that Certificate is valid if you trust the Certificate Authority that granted it.
Configuring tomcat for running SSL It has been Done In Three Easy Steps. 1-Generating A self signed certificate. 2-Configuring The Tomcat For enabling SSL 3-Configuring your application to run on SSL
Step-1 Java provides a relatively simple command-line tool, called keytool , which can easily create a "self-signed" Certificate. Self-signed Certificates are simply user generated Certificates which have not been officially registered with any well-known CA, and are therefore not really guaranteed to be authentic at all.It generates the keystore file which would store the details of the certificates necessary to make the protocol secured. First we create a keystore file (.jks) keytool -genkey -alias tomcat -keyalg RSA -keystore C:\keystore.jks When we give this command it will ask for some information about your name,organization,locality etc.
Certificate signing request (.csr) keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore c:\keystore.jks This (.csr) can be sent to certifying authority for certification. After getting back the authenticated certificate from the vendor it can be imported into the keystore of your server.
Step-2 Configuring the server.xml for enabling the SSL support in Tomcat that server.xml will be found in the C:\Program Files\Apache Software Foundation\Tomcat 6.0\conf\ Find this tag in this file <!-- <Connector port=&quot;8443&quot; ……………. /> --> By default it is commented remove the comments and place an additional attribute keystore in this tag keystoreFile=&quot;C:keystore.jks&quot;
Step-3 Configuring your application’s web.xml open the web.xml of that application and just add this XML fragment before web-app ends i.e </web-app> <security-constraint> <web-resource-collection> <web-resource-name>securedapp</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee> CONFIDENTIAL </transport-guarantee> </user-data-constraint> </security-constraint>
/* indicates that now, any resource in your application can be accessed only with https be it Servlets or JSP’s The term CONFIDENTIAL is the term which tells the server to make the application work on SSL. If you want to turn the SSL mode for this application off then just turn don’t delete the fragment. Just put the value as NONE instead of CONFIDENTIAL Now your server and application both has been configured to run on SSL . Type https://localhost :8443 URL in browser. A page opens with a warning .This warning comes due to the self signed certificates because browser can not auhenticate these certificates so we have to add an exception.
SSL on PHP We use the XAMPP server for running PHP .it is a complete package with all the required tools. Apache server PHP MySQL It have many extensions already installed with it and openSSL is also one of them. So we need not to do anything with XAMPP for running SSL on PHP . We should type the URL https://localhost in your browser and need to add an exception and it will run.
Thank You TANUJ AGRAWAL (tanuj.agrawal@hotmail.com)

More Related Content

PPT
SSL Communication and Mutual Authentication
Cleo
 
PPT
Mutual Authentication For Wireless Communication
manish kumar
 
PPTX
Protecting your APIs with Doorkeeper and OAuth 2.0
Mads Toustrup-Lønne
 
PPTX
Best Practices in Building an API Security Ecosystem
Prabath Siriwardena
 
PPTX
REST Service Authetication with TLS & JWTs
Jon Todd
 
PPTX
API Security - Null meet
vinoth kumar
 
PPTX
Security
Akram Salih
 
PPTX
API Security & Federation Patterns - Francois Lascelles, Chief Architect, Lay...
CA API Management
 
SSL Communication and Mutual Authentication
Cleo
 
Mutual Authentication For Wireless Communication
manish kumar
 
Protecting your APIs with Doorkeeper and OAuth 2.0
Mads Toustrup-Lønne
 
Best Practices in Building an API Security Ecosystem
Prabath Siriwardena
 
REST Service Authetication with TLS & JWTs
Jon Todd
 
API Security - Null meet
vinoth kumar
 
Security
Akram Salih
 
API Security & Federation Patterns - Francois Lascelles, Chief Architect, Lay...
CA API Management
 

What's hot (20)

PPTX
Oauth 2.0 security
vinoth kumar
 
ODP
Mohanraj - Securing Your Web Api With OAuth
fossmy
 
PDF
OAuth & OpenID Connect Deep Dive
Nordic APIs
 
PDF
OAuth - Open API Authentication
leahculver
 
PPTX
An Authentication and Authorization Architecture for a Microservices World
VMware Tanzu
 
PDF
The Ultimate Guide to Mobile API Security
Stormpath
 
PDF
Authentication: Cookies vs JWTs and why you’re doing it wrong
Derek Perkins
 
PPTX
OAuth2 + API Security
Amila Paranawithana
 
PPTX
Securing your APIs with OAuth, OpenID, and OpenID Connect
Manish Pandit
 
PDF
Understanding transport-layer_security__ssl
Mainak Goswami
 
PPTX
Single-Page-Application & REST security
Igor Bossenko
 
PDF
API Security Best Practices & Guidelines
Prabath Siriwardena
 
PDF
OAuth 2.0
Uwe Friedrichsen
 
PPTX
Https
Billa Kota Sriram
 
PPTX
Securing RESTful APIs using OAuth 2 and OpenID Connect
Jonathan LeBlanc
 
PPTX
O auth2 with angular js
Bixlabs
 
PPTX
An introduction to OAuth 2
Sanjoy Kumar Roy
 
PDF
Design and Implementation of an IP based authentication mechanism for Open So...
WilliamJohn41
 
PPTX
Token Authentication for Java Applications
Stormpath
 
PDF
CIS 2015 OpenID Connect and Mobile Applications - David Chase
CloudIDSummit
 
Oauth 2.0 security
vinoth kumar
 
Mohanraj - Securing Your Web Api With OAuth
fossmy
 
OAuth & OpenID Connect Deep Dive
Nordic APIs
 
OAuth - Open API Authentication
leahculver
 
An Authentication and Authorization Architecture for a Microservices World
VMware Tanzu
 
The Ultimate Guide to Mobile API Security
Stormpath
 
Authentication: Cookies vs JWTs and why you’re doing it wrong
Derek Perkins
 
OAuth2 + API Security
Amila Paranawithana
 
Securing your APIs with OAuth, OpenID, and OpenID Connect
Manish Pandit
 
Understanding transport-layer_security__ssl
Mainak Goswami
 
Single-Page-Application & REST security
Igor Bossenko
 
API Security Best Practices & Guidelines
Prabath Siriwardena
 
OAuth 2.0
Uwe Friedrichsen
 
Https
Billa Kota Sriram
 
Securing RESTful APIs using OAuth 2 and OpenID Connect
Jonathan LeBlanc
 
O auth2 with angular js
Bixlabs
 
An introduction to OAuth 2
Sanjoy Kumar Roy
 
Design and Implementation of an IP based authentication mechanism for Open So...
WilliamJohn41
 
Token Authentication for Java Applications
Stormpath
 
CIS 2015 OpenID Connect and Mobile Applications - David Chase
CloudIDSummit
 
Ad

Similar to Implementation of ssl injava (20)

PPTX
Ssl in a nutshell
Frank Kelly
 
PPT
Ssl Https Server
Ram Srivastava
 
PPTX
Secure socket layer
BU
 
PPT
Introduction to Secure Sockets Layer
Nascenia IT
 
PPT
SSL.ppt
TXCDHRUV
 
PPTX
Introduction to SSL and How to Exploit & Secure
Brian Ritchie
 
PPTX
The last picks
Nafiur Rahman Tuhin
 
PPT
Web security
Muhammad Usman
 
PPTX
Certificate pinning in android applications
Arash Ramez
 
PPTX
SSL
Badrul Alam bulon
 
PDF
presentation2-151203145018-lva1-app6891.pdf
GumanSingh10
 
PPT
Lecture17
Châu Thanh Chương
 
PDF
SECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdf
NiharikaDubey17
 
PPTX
SSL self signed deployment on Ubuntu 16.04
MH Qapandaran
 
PDF
Training Slides: 302 - Securing Your Cluster With SSL
Continuent
 
PPTX
Cryptography by Afroz haider mir
AFROZ MIR
 
PDF
Apache Web Server
webhostingguy
 
PPTX
Ssl
Anandraj Kulkarni
 
PPT
certificates.ppt
faizalkhan673954
 
PPT
SecureSocketLayer.ppt
PranavUndre1
 
Ssl in a nutshell
Frank Kelly
 
Ssl Https Server
Ram Srivastava
 
Secure socket layer
BU
 
Introduction to Secure Sockets Layer
Nascenia IT
 
SSL.ppt
TXCDHRUV
 
Introduction to SSL and How to Exploit & Secure
Brian Ritchie
 
The last picks
Nafiur Rahman Tuhin
 
Web security
Muhammad Usman
 
Certificate pinning in android applications
Arash Ramez
 
SSL
Badrul Alam bulon
 
presentation2-151203145018-lva1-app6891.pdf
GumanSingh10
 
Lecture17
Châu Thanh Chương
 
SECURE SOCKET LAYER(SSL)_LECTURE SLIDES.pdf
NiharikaDubey17
 
SSL self signed deployment on Ubuntu 16.04
MH Qapandaran
 
Training Slides: 302 - Securing Your Cluster With SSL
Continuent
 
Cryptography by Afroz haider mir
AFROZ MIR
 
Apache Web Server
webhostingguy
 
Ssl
Anandraj Kulkarni
 
certificates.ppt
faizalkhan673954
 
SecureSocketLayer.ppt
PranavUndre1
 
Ad

Recently uploaded (20)

PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Approach and Philosophy of On baking technology
30anthuong17
 
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Encapsulation theory and applications.pdf
gurumoop
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Cloud computing and distributed systems.
kkkkkhan
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Teaching material agriculture food technology
LiaRayya
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 

Implementation of ssl injava

  • 1. Introduction Name – Tanuj Agrawal Class – IT-I VI Sem Topic – Implementation Of SSL In Java (Tomcat) And In PHP
  • 2. Web Server And Web Container Web Server is the application that understand the HTTP request only (it does not process the request) and give the request to the appropriate container for processing. Web Container-Web Container is the actual one that processes the request and generate the response. Types of containers A-Context (Application) B-Engine (Service) C-Host (Virtual Host) D-Cluster (Set of Application) There can be multiple containers within the single server.
  • 3. What is Tomcat Tomcat is not a web server it is a package which contains web server and web container. Actually when we install the Tomcat application named as HtttpConnector is installed with it which works as the Web Server. Tomcat uses the Apache Portable Runtime (APR) it provides some functionality. A-Advanced i/O functionality B-Support for OpenSSL C-OS level functionality It includes three connectors A-HTTP B-HTTPS C-AJP (Apache Java Protocol) Tomcat uses the JSSE configuration and uses the open SSL style configuration.
  • 4. What is SSL (Secure Socket Layer) SSL, or Secure Socket Layer, is a technology which allows web browsers and web servers to communicate over a secured connection. This means that the data being sent is encrypted by one side, transmitted, then decrypted by the other side before processing. This is a two-way process, meaning that both the server AND the browser encrypt all traffic before sending out data.
  • 5. Another important aspect of the SSL protocol is Authentication. This means that during your initial attempt to communicate with a web server over a secure connection, that server will present your web browser with a set of credentials, in the form of a &quot;Certificate&quot;, as proof the site is who and what it claims to be. In certain cases, the server may also request a Certificate from your web browser, asking for proof that you are who you claim to be. This is known as &quot;Client Authentication,&quot; although in practice this is used more for business-to-business (B2B) transactions than with individual users. Most SSL-enabled web servers do not request Client Authentication.
  • 6. What is certificate ? In order to implement SSL, a web server must have an associated Certificate for each external interface (IP address) that accepts secure connections. The theory behind this design is that a server should provide some kind of reasonable assurance that its owner is who you think it is, particularly before receiving any sensitive information For sites involved in e-commerce, or any other business transaction in which authentication of identity is important, a Certificate is typically purchased from a well-known Certificate Authority (CA) such as VeriSign or Thawte. Such certificates can be electronically verified -- in effect, the Certificate Authority will vouch for the authenticity of the certificates that it grants, so you can believe that that Certificate is valid if you trust the Certificate Authority that granted it.
  • 7. Configuring tomcat for running SSL It has been Done In Three Easy Steps. 1-Generating A self signed certificate. 2-Configuring The Tomcat For enabling SSL 3-Configuring your application to run on SSL
  • 8. Step-1 Java provides a relatively simple command-line tool, called keytool , which can easily create a &quot;self-signed&quot; Certificate. Self-signed Certificates are simply user generated Certificates which have not been officially registered with any well-known CA, and are therefore not really guaranteed to be authentic at all.It generates the keystore file which would store the details of the certificates necessary to make the protocol secured. First we create a keystore file (.jks) keytool -genkey -alias tomcat -keyalg RSA -keystore C:\keystore.jks When we give this command it will ask for some information about your name,organization,locality etc.
  • 9. Certificate signing request (.csr) keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr -keystore c:\keystore.jks This (.csr) can be sent to certifying authority for certification. After getting back the authenticated certificate from the vendor it can be imported into the keystore of your server.
  • 10. Step-2 Configuring the server.xml for enabling the SSL support in Tomcat that server.xml will be found in the C:\Program Files\Apache Software Foundation\Tomcat 6.0\conf\ Find this tag in this file <!-- <Connector port=&quot;8443&quot; ……………. /> --> By default it is commented remove the comments and place an additional attribute keystore in this tag keystoreFile=&quot;C:keystore.jks&quot;
  • 11. Step-3 Configuring your application’s web.xml open the web.xml of that application and just add this XML fragment before web-app ends i.e </web-app> <security-constraint> <web-resource-collection> <web-resource-name>securedapp</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee> CONFIDENTIAL </transport-guarantee> </user-data-constraint> </security-constraint>
  • 12. /* indicates that now, any resource in your application can be accessed only with https be it Servlets or JSP’s The term CONFIDENTIAL is the term which tells the server to make the application work on SSL. If you want to turn the SSL mode for this application off then just turn don’t delete the fragment. Just put the value as NONE instead of CONFIDENTIAL Now your server and application both has been configured to run on SSL . Type https://localhost :8443 URL in browser. A page opens with a warning .This warning comes due to the self signed certificates because browser can not auhenticate these certificates so we have to add an exception.
  • 13. SSL on PHP We use the XAMPP server for running PHP .it is a complete package with all the required tools. Apache server PHP MySQL It have many extensions already installed with it and openSSL is also one of them. So we need not to do anything with XAMPP for running SSL on PHP . We should type the URL https://localhost in your browser and need to add an exception and it will run.
  • 14. Thank You TANUJ AGRAWAL (tanuj.agrawal@hotmail.com)