- Client authentication verifies whether a user is legitimate
- In HTTPS, browsers and web servers communicate over a secured, SSL-encrypted connection
- Servers determine a visitor’s identity using the following methods
– If tomcatAuthentication="false", Tomcat uses the username it receives from the fronting web server and assumes all authentication has already been done
– If tomcatAuthentication="true", the CLIENT-CERT auth method hands the identity from the client certificate, via org.apache.catalina.authenticator.SSLAuthenticator, to the application
- The client and the server present their certificates, taken from their keystores, to each other during authentication
- A copy of the other side's trusted certificate is stored in each keystore to secure the SSL communication

💖Certificate Generation with Keytool
- The KeyStore class is an in-memory collection of keys and certificates
- Keytool is a command-line tool provided by Java for generating keystores
- Every keystore has a unique private key, which cannot be exported, although the keystore itself can be copied easily
- Keytool is used to share the public certificate that corresponds to the private key with the server
💖Certificate Generation with Keytool (Cont’d)
- Generating the Client and Server Keystores

- Exporting the Client's Public Certificate and Importing it into the Server's Keystore

- Exporting the Server's Public Certificate and Importing it into the Client's Keystore

- Configure Tomcat for SSL using the Server Keystore

Note:
– Substitute appropriate paths and passwords for truststorePass, truststoreFile, keystorePass, and keystoreFile in {tomcat.home}/conf/server.xml
– The clientAuth attribute requires clients to present authentication certificates
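The four keytool steps above, plus the server.xml connector that step 4 refers to, carried through end to end as an added example (this is not the slide deck's own script). The aliases, distinguished names, demo passwords and the scratch directory are assumptions chosen for the demo; the connector attribute names (clientAuth, keystoreFile, keystorePass, truststoreFile, truststorePass) are the ones named on the slides.

```shell
#!/bin/sh
# Added example, not from the original slides: mutual-authentication keystores
# built with keytool, then the Tomcat HTTPS connector fragment for server.xml.
# Paths, aliases and passwords below are demo assumptions; substitute your own.
set -eu

WORKDIR="${WORKDIR:-./mtls-demo}"           # assumed scratch directory
CLIENT_KS="$WORKDIR/client.jks"
SERVER_KS="$WORKDIR/server.jks"
CLIENT_PASS="${CLIENT_PASS:-clientpass}"    # demo-only passwords
SERVER_PASS="${SERVER_PASS:-serverpass}"

# Step 1: generate the client and server keystores. Each holds one private key
# and a self-signed certificate; the private key never leaves its keystore.
generate_keystores() {
    mkdir -p "$WORKDIR"
    keytool -genkeypair -alias client -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=demo-client, OU=Demo, O=Example" \
        -keystore "$CLIENT_KS" -storepass "$CLIENT_PASS" -keypass "$CLIENT_PASS"
    keytool -genkeypair -alias server -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=localhost, OU=Demo, O=Example" \
        -keystore "$SERVER_KS" -storepass "$SERVER_PASS" -keypass "$SERVER_PASS"
}

# Step 2: export only the client's public certificate (DER) and import it into
# the server's keystore, which the connector below also uses as its truststore.
export_client_cert_to_server() {
    keytool -exportcert -alias client -keystore "$CLIENT_KS" \
        -storepass "$CLIENT_PASS" -file "$WORKDIR/client.cer"
    keytool -importcert -noprompt -alias client -file "$WORKDIR/client.cer" \
        -keystore "$SERVER_KS" -storepass "$SERVER_PASS"
}

# Step 3: export the server's public certificate and import it into the
# client's keystore so the client trusts the server during the handshake.
export_server_cert_to_client() {
    keytool -exportcert -alias server -keystore "$SERVER_KS" \
        -storepass "$SERVER_PASS" -file "$WORKDIR/server.cer"
    keytool -importcert -noprompt -alias server -file "$WORKDIR/server.cer" \
        -keystore "$CLIENT_KS" -storepass "$CLIENT_PASS"
}

# Step 4: write the HTTPS connector fragment to paste into server.xml.
# clientAuth="true" is what makes Tomcat demand a client certificate; with the
# default clientAuth="false" the keystores exist but no client is ever checked.
write_connector_fragment() {
    cat > "$WORKDIR/ssl-connector.xml" <<EOF
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true"
           clientAuth="true" sslProtocol="TLS"
           keystoreFile="$SERVER_KS" keystorePass="$SERVER_PASS"
           truststoreFile="$SERVER_KS" truststorePass="$SERVER_PASS" />
EOF
}

# Verification helper: prints 1 if the alias exists in the keystore, else 0.
# Use it to confirm each side really holds the other's certificate.
alias_present() {   # $1 keystore, $2 store password, $3 alias
    if keytool -list -keystore "$1" -storepass "$2" -alias "$3" >/dev/null 2>&1; then
        echo 1
    else
        echo 0
    fi
}

run_all() {
    generate_keystores
    export_client_cert_to_server
    export_server_cert_to_client
    write_connector_fragment
    echo "server trusts client: $(alias_present "$SERVER_KS" "$SERVER_PASS" client)"
    echo "client trusts server: $(alias_present "$CLIENT_KS" "$CLIENT_PASS" server)"
}

# Run with:  sh mtls-keystores.sh run
if [ "${1:-}" = "run" ]; then
    run_all
fi
```

After running, `keytool -list -v -keystore mtls-demo/server.jks` should show two entries: the server's PrivateKeyEntry and the client's trustedCertEntry. Only the .cer files (public certificates) cross between the two sides; the keystore files holding private keys stay where they were generated.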
Implementing Encryption and Certificates in Client Application
