Yes. No (see below).
Browsers have built in certain CA certificates so if your server certificate is signed by one of those CAs then you have no problems. The same applies to JVMs. They have built in certificates so the clients opening HTTPS requests to your server will communicate OK. In case where you might be using a certificate not signed by a CA in your server the browser will ask if you want to trust it and then the communication will be established. This differes somewhat in Java applications where you would get "untrusted chain" exception or something like that. In that case you must import your certificate into that JVM and instruct it to trust it. d. Luca Ventura wrote: > Thanks for your reply! > > And what about at client-side? Is the crypting process carried out from the > Web Browser? Or do I have include some code in my application? > > Thanks! > > Luca > > -----Messaggio originale----- > Da: A mailing list for discussion about Sun Microsystem's Java Servlet > API Technology. [mailto:[EMAIL PROTECTED]]Per conto di > Bhushan_Bhangale > Inviato: marted� 23 aprile 2002 5.26 > A: [EMAIL PROTECTED] > Oggetto: Re: Sending data to a servlet using SSL protocol > > > Luca, > > You are doing it right, the url with https is fine. There is no need to > decrypt data at the server side. The Web Server only needs to have SSL > configured in it. > > -----Original Message----- > From: Luca Ventura [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, April 23, 2002 12:39 AM > To: [EMAIL PROTECTED] > Subject: Sending data to a servlet using SSL protocol > > > Hello everybody! > > I have the following problem: I would like to send data from a JSP page (or > from an HTML form) to a servlet > using SSL protocol to make secure the communication. What must I do on both > client > and server side of my application? > > Let's suppose I want to send a form to a servlet. Given that I want to use > SSL protocol > in the ACTION parameter of the form I would like to insert an URL like this: > > https://www.mydomain.com/myservlet > > To enable SSL protocol on client side (that is to say in the browser) is it > sufficient > I enable "SSL protocol" option in my Web Browser? Or must I do something > else? > > About the server side: must I insert any code in my servlet (or include some > libraries) to > decrypt data it receives, or the decrypting process is carried out from the > Web Server (es. Apache) > automatically? In this second case the only thing I must do is set my Web > Server > correctly to support SSL protocol? > > > Thanks very much in advance! > Luca > > ___________________________________________________________________________ > To unsubscribe, send email to [EMAIL PROTECTED] and include in the body > of the message "signoff SERVLET-INTEREST". > > Archives: http://archives.java.sun.com/archives/servlet-interest.html > Resources: http://java.sun.com/products/servlet/external-resources.html > LISTSERV Help: http://www.lsoft.com/manuals/user/user.html > > ___________________________________________________________________________ > To unsubscribe, send email to [EMAIL PROTECTED] and include in the body > of the message "signoff SERVLET-INTEREST". > > Archives: http://archives.java.sun.com/archives/servlet-interest.html > Resources: http://java.sun.com/products/servlet/external-resources.html > LISTSERV Help: http://www.lsoft.com/manuals/user/user.html > > ___________________________________________________________________________ > To unsubscribe, send email to [EMAIL PROTECTED] and include in the body > of the message "signoff SERVLET-INTEREST". > > Archives: http://archives.java.sun.com/archives/servlet-interest.html > Resources: http://java.sun.com/products/servlet/external-resources.html > LISTSERV Help: http://www.lsoft.com/manuals/user/user.html > > > > -- David Mossakowski [EMAIL PROTECTED] Instinet Corporation 212.310.7275 ******************************************************************************* <<Disclaimer>> This message is intended only for the use of the Addressee and may contain information that is PRIVILEGED and/or CONFIDENTIAL or both. This email is intended only for the personal and confidential use of the recipient(s) named above. If the reader of this email is not an intended recipient, you have received this email in error and any review, dissemination, distribution or copying is strictly prohibited. If you have received this email in error, please notify the sender immediately by return mail and permanently deleting the copy you received. Thank you. ******************************************************************************* ___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
