Java applets and client-side ssl certificates?

C

Charles Goehring

Applet Gurus,

Is anybody out there doing Java applets and client-side ssl certificates?

When I turn the requirement on in Apache, I get handshake failure errors
when the applet tries to load. Certificates are installed in the web
browser for the user's html browsing.

Some of our customers are on locked down machines that don't allow
"installation of software" but they jave jre 1.4.2 and Java Web Start.

Considering using Java Network Launch Protocol (JNLP) or some other kind
of applet based install but I think this would require a signed applet.
This, in turn, would require a certificate to be installed beforehand
(to validate the signed jar). Since our certs are all done in-house,
I'm in a chicken/egg situation. All certificates are issued by an
internal CA but are not easy to get for various reasons.

Is there an easy way to mass-install certificates (to keystores) in a
secure way without touching all the workstations?

The applet/client-side certificates present four problems as I see it:
1 handling the user's certificate securely
2 Maintainig the internal CA and root certs
3 Excessive prompting for multiple passwords to keystores
4 Keystore security (Bouncy Castle libs are 1MB)

Does anyone have any advice to give?

Thanks
Chuck
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,901
Latest member
Noble71S45

Latest Threads

Top