Secure Socket Layer (SSL) and Apache Tomcat (Web/Application Server) 2008/July/17 Multimedia Division
Transcript of "Ssl Https Server"

  1. Secure Socket Layer (SSL) and Apache Tomcat (Web/Application Server) 2008/July/17 Multimedia Division
  2. Agenda
     • What is SSL
         • Secure Socket Layer (SSL)
         • The SSL Protocol
     • Why SSL
     • What SSL Provides
     • SSL and Authentication
     • SSL and Web-tier Security
     • What is a Certificate?
     • What is Server Certificate?
     • Why Server Certificate is Needed?
     • Verify/Demo SSL Support on Test server
     • Commercial for Certificate
     • SSL Drawbacks
     • What is next
     • References
  3. What is SSL
     • SSL stands for Secure Socket Layer.
     • Secure Socket Layer (SSL) technology allows web browsers and web servers to communicate over a secure connection.
  4. Secure Socket Layer (SSL)
     • Originally developed by Netscape, SSL has been universally accepted on the World Wide Web for authenticated and encrypted communication between clients and servers.
     • Responsible for the emergence of e-commerce and other security-sensitive services on the web.
  5. The SSL Protocol
     • The SSL protocol runs above TCP/IP and below higher-level protocols such as HTTP or IMAP.
  6. Why SSL
     • SSL addresses the following important security considerations.
     • Authentication: During your initial attempt to communicate with a web server over a secure connection, that server will present your web browser with a set of credentials in the form of a server certificate. The purpose of the certificate is to verify that the site is who and what it claims to be.
     • Confidentiality: When data is being passed between the client and the server on a network, third parties can view and intercept this data. SSL responses are encrypted so that the data cannot be deciphered by the third party and the data remains confidential.
     • Integrity: When data is being passed between the client and the server on a network, third parties can view and intercept this data. SSL helps guarantee that the data will not be modified in transit by that third party.
  7. What SSL Provides
     • Confidentiality (Privacy)
     • Data integrity (Tamper-proofing)
     • Server authentication (Proving a server is what it claims it is)
     • Optional client authentication: would be required in B2B/B2C (or a Web services environment in which program talks to program)
  8. SSL and Authentication
     • Server Authentication:
         • The server needs to provide its own certificate to a client in order to authenticate itself to the client.
         • A Web server typically has a CA-signed certificate, which it provides to its clients.
     • Client Authentication:
         • The client needs to provide its own certificate to a server in order to authenticate itself to the server.
     • Mutual Authentication
  9. SSL and Web-tier Security
     • Encrypted passwords move from the browser to the web server
     • Encrypted data moves between the browser and the web server
     • Server authentication
         • Done before encrypted data transfer occurs
     • Client Authentication
         • Not used in most cases
  10. What is a Certificate?
     • A certificate is a digitally-signed statement from one entity (person, company, etc.), saying that the public key (and some other information) of some other entity has a particular value. So in a sense, it is like a digital version of your ID card, such as a driver's license.
  11. What is a Certificate (Ctd..)
     • A certificate is cryptographically signed and is practically impossible for anyone else to forge.
     • A certificate can be purchased from (signed by) a well-known CA (Certificate Authority) like Verisign.
  12. What is a Certificate (Ctd..)
     • A certificate can be self-signed when authentication over the internet is not really a concern. For example, an administrator may simply want to ensure that data being transmitted and received by the server is private and cannot be snooped by anyone eavesdropping on the connection; that is, only data privacy and integrity are important.
  13. What is Server Certificate?
     • A server certificate is a container that contains the server's public key and other miscellaneous information.
     • A Web server must have an associated certificate for each external interface, or IP address, that accepts secure connections. This provides some kind of reasonable assurance that its owner is who you think it is.
  14. Why Server Certificate is Needed?
     • Server Certificate enables Server Authentication
     • The server sends the server certificate as part of the SSL key handshake
     • The HTTPS service of Tomcat would not work unless a server certificate is installed
     • Verifies the server's identity to the client, before receiving any sensitive information
  15. Verify/Demo SSL Support on Test server
     • Screen Display
  16. Verify/Demo SSL Support on Test server
     • Screen Display
  17. Verify/Demo SSL Support on Test server
     • Screen Display of Certificate
  18. Verify/Demo SSL Support on Test server
     • Screen Display of Certificate
  19. Commercial for Certificate: Budget Required (Tentative figure by Vendors)

     Sr. No. | Name of the Vendors | Budget Required | Remarks
     1       | Verisign            | $ 1499/Year     | http://www.verisign.com/ssl/buy-ssl-certificates/secure-site-services/index.html

  20. SSL Drawbacks
     • The problems associated with SSL are:
         • It prevents caching.
         • Using SSL imposes greater overheads on the server and the client.
         • Some firewalls and/or web proxies may not allow SSL traffic.
         • There is a financial cost associated with gaining a Certificate for the server/subject device.
  21. What is next
     • Sign a CR
     • Send to YMC as a sample
     • Make Skill Matrix
     • Make Training Schedule
  22. References:
     • http://java.sun.com/developer/technicalArticles/Security/secureinternet/
     • http://cstsolaris.cst.nait.ab.ca/resources/ssl/index.html
     • http://www.javapassion.com/j2ee/index.html
     • http://www.rhyshaden.com/ssl.htm
     • http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html
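
The Tomcat setup that slides 8, 12 and 14 describe, shown as a server.xml fragment. This is an added example, not part of the original slides; it uses the classic JSSE connector attributes from the Tomcat SSL how-to the slides cite, and all ports, paths and passwords are placeholders.

```xml
<!-- Added example. Ports, paths and passwords are placeholders (assumptions).

     The keystore holds the server certificate that slide 14 says Tomcat needs
     before HTTPS will work. A self-signed entry (slide 12) is created with the
     JDK tool:
       keytool -genkey -alias tomcat -keyalg RSA -keystore /path/to/server.keystore
     A self-signed certificate gives privacy and integrity only. Import a
     CA-signed certificate into the same keystore when clients must be able to
     verify the server's identity (slides 11 and 14).

     Tomcat 6 and later also require SSLEnabled="true" on each connector. -->
<Service name="Catalina">

  <!-- Server authentication only (slide 9: client authentication is not used
       in most cases). Tomcat presents the certificate from keystoreFile during
       the handshake and asks nothing of the client. -->
  <Connector port="8443" scheme="https" secure="true"
             sslProtocol="TLS"
             clientAuth="false"
             keystoreFile="/path/to/server.keystore"
             keystorePass="CHANGE_ME"/>

  <!-- Mutual authentication (slide 8). clientAuth="true" makes Tomcat request
       a client certificate and fail the handshake unless that certificate
       chains to a CA held in the truststore. -->
  <Connector port="8444" scheme="https" secure="true"
             sslProtocol="TLS"
             clientAuth="true"
             keystoreFile="/path/to/server.keystore"
             keystorePass="CHANGE_ME"
             truststoreFile="/path/to/clients.truststore"
             truststorePass="CHANGE_ME"/>

</Service>
```

Keep the keystore file readable only by the account Tomcat runs as, since server.xml stores its password in clear text.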