how to make web application accessible from https in java [closed]

Question

I want to make the web application accessible from https in java. I am newbie in this field. I have read from some blog that it can be make by producing some sort of certificate to identity. Is there have any site providing to produce free certificate?Can i have any blog or site to refer.

thanks

Answer 1

You need an SSL certificate approved by a CA (certificate authority) so your clients will not get a warning in their browsers when they use your webapp. For such a certificate to be obtained, you generally have to pay some money to the CA. However, for testing purposes you can use a self-signed certificate.

You can generate a self-signed certificate and put it on your server. Later you can replace it with a real certificate. If you already have the real certificate, just skip to step 2 of my answer. The methods for generating a self-signed certificate differ but basically you have to do the following (abstraction):

1. Generate a self signed certificate:

You can use numerous tools and programs for that but somehow I find the most popular ways to generate a self signed certificate are:

a) java's keytool - http://docs.oracle.com/javase/1.4.2/docs/tooldocs/windows/keytool.html b) openssl - http://www.sslshopper.com/article-most-common-openssl-commands.html

Both methods are absolutely equivalent and it is a matter of preference which one you use (I use openssl)

2. Put this certificate in your servlet container/application server.

There are many servlet containers and application servers and the instructions for putting the certificate there vary even between different versions of the servers/containers and chosen configuration. Below I will list the ones I believe are most popular with youth nowadays...

a) tomcat 7 - http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html

b) glassfish - http://artur.ejsmont.org/blog/content/how-to-generate-self-signed-ssl-certificate-for-glassfish-v3-and-import-it-into-java-keyring

c) jbossWeb (Servlet Container) - http://docs.jboss.org/jbossweb/3.0.x/ssl-howto.html

Answer 2

You will need an SSL certificate to serve an SSL application. The issue with an SSL certificate is that it needs to be trusted by the browser, so if you are having people use the application you need to get a real SSL certificate from a certificate provider, like Godaddy or many others. For testing purposes you can make a "self-signed" certificate which can be used, but the client using the browser will get warnings indicating problems with the certificate.

There is no way to get a real SSL certificate for free.

I trust from this answer you can make the appropriate google queries to get you on your way.