Hi,

the puzzle I am referring to consists of the following pieces: a hosted Derby Network Server, SSL and mixed client apps.

I need help in understanding how the different components need to be configured so that they work together properly.

1) my Derby Server is not running in my LAN, but is hosted by a Java hoster on the internet
2) the Security Manager installed is using the Basic Security Server policy, i.e. default options
3) the Network Server is expected to require user authentication
4) the Network Server is expected to support network security with SSL
5) the SSL certificates I would like to create and issue myself (I don't want to use a Certification Authority and buy certificates at this stage as my application is not used in real production yet)
6) the Derby Server will receive connections from "fat" clients and from web client applications (with Apache http server and Tomcat 5.5 servlet container)

So far, I have a workable solution for Java *fat* client applications:

ad 1) the Derby Server is started from the command line (my hoster has written the necessary scripts to tie Derby start/shutdown to the Tomcat start/stop processes. I can issue Tomcat start/stop/restart commands via the default web interface supplied by the hoster to allow their customers to start/stop their Tomcats themselves)
ad 2) no special configuration has been done here
ad 3) SQL authentication has been configured and users are managed using the built-in user system (users as database properties)
ad 4) the server starts up fine reporting "server started and ready to accept SSL connections" - I am not using peer authentication, but basic SSL security only at this stage
ad 5) my certificates have been self-generated/signed using the Java keytool utility. Keystore files (server truststore and client keystore) are available as needed
ad 6) connections from my Java application or from IJ are possible

==> as said, for a fat client environment I think I have a workable solution

Now I would like to connect to my database server also from a web application - and it is not clear to me how this can be achieved:

ad 1) would the Derby Server still be started from the command line? -> I would expect so, as SSL encryption needs to be kept in place for my fat client applications which I want to use in parallel to the web version and I have also not found SSL related options that could be used when running the Derby Server as a servlet under Tomcat. Or is SSL support now to be implemented at a different level? Between the web server and the browsers of my users?
ad 2) do I have to change default options of the Security Manager or can they stay as they are in this scenario?
ad 3) I expect user authentication works the same way in both scenarios
ad 4) how does SSL support work in this context? How do I need to configure Tomcat and/or Apache http server?
ad 5) do my users need to load certificates into their browser certificate store? Can I still use self-signed certificates? Do I need a specific algorithm / type of certificate (RSA instead of DES)?

Thanks for your support
Thomas
