Hello everybody! I have the following problem....
I have two servlets: servlet A and a servlet B. Servlet B is running on a Web Server that supports SSL protocol, so I can crypt and send all the data of a HTML form to it using "https" protocol and an url like this: https://mydomain/servletB (all the data of the HTML form are sent to this url using https protocol) In this way the data are crypted from the Web Browser (like IE or Netscape), while the process of decrypting the data is carried out from the Web Server (where is running servlet B) that is configured correctly to support HTTPS protocol. What I would like to to is to send data to servlet B not from an HTML form but from a servlet: what happens in this case? Can I connect to servet B from servlet A using "https" url like I did for the HTML form? I mean...what I would like to do are the the following steps in servlet A: String urlServlet="https://mydomain/servletB";; URL Url=new URL(urlServlet); ServletConn=Url.openConnection(); ServletConn.setDoInput(true); ServletConn.setDoOutput(true); ...(now I can send data to servlet B) I am afraid that I cannot use an "https" url to connect from servlet A to servlet B because servlet A hasn't SSL support! In fact in this case I am not sending data from an HTML form (but I am connecting from servlet A to servlet B directly) so I can't use the SSL support of my Web Browser....am I right? If yes what must I do to connect from servlet A to servlet B using "https" protocol? Must I use some particular API to support SSL protocol in servlet A? I have heard about some cryptografic APIs developed by IAIK called "isasilk toolkit". You can check their features and download them at URL: http://jcewww.iaik.tu-graz.ac.at/products/isasilk/index.php Can I use "isasilk toolkit" in my servlet A to support HTTPS protocol? I ask this question because I have a doubt: this kind of API to implement HTTPS protocol must have a repository of public signatures of all major certificate authorities (CA)...or not? In fact to check if the certificate sent by servlet B to servlet A during authentication process of HTTPS protocol is valid servlet A must check the digital signature of the CA that released it...and to do this it needs to know the public key of the CA. I think this is the reason why the WEB Browsers (like IE and Netscape) that support HTTPS protocol store these kind of information in some folder....am I right? I hope someone can help me....thanks a lot in advance! Luca ___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
