We help IT Professionals succeed at work.

HTTPS Download Part 2

lcor
lcor asked
on
I previously asked a question how to download a file over https.  I was given 3 examples.

http://technojeeves.com/joomla/index.php/free/51-copying-streams
http://www.exampledepot.com/egs/java.net/Auth.html
http://stackoverflow.com/questions/1269359/downloading-a-file-over-https-over-java

One example uses password authentication but not one shows how to use certificates.

First, isn't a certificate required with https?

Second, are there any examples how to use certificates if required?  For example, can I export  a web certificate from my browser and use that for LDAP authentication which is part of the framework?
Comment
Watch Question

Director, Information Systems
BRONZE EXPERT
Commented:
Certificates are used for HTTPS, but the negotiation takes place between the server, client, and certification authority.  I wouldn't expect you to have to do anything unless the certificates were self-issued in which case you might need to install the certificate on the client so it can be used.
BRONZE EXPERT
Top Expert 2016
Commented:
but not one shows how to use certificates.

That's because they're not required explicitly if they're legitimate. If they're not, then as paulmacd says, some explicit installation might be required, or the installation of a custom TrustManager
Dave HoweSoftware and Hardware Engineer
Commented:
HTTPS will have a server certificate (which may or may not require you to have a CA to authenticate it) and optionally a client certificate (which again, may need a matching CA)

IF a https server requires a client cert, then it will supply a list of suitable CAs it will accept certs from, and your browser or download app is required to supply a client cert that is signed by one of the listed CAs.

however, client side certificates are unusual, and on the whole, server side certificates are verified by the standard CA list (and/or not verified for signature at all, as is the case for some TLS implementations)
BRONZE EXPERT
Top Expert 2016
Commented:
and on the whole, server side certificates are verified by the standard CA list

Unless the institution from which you're downloading won't or can't invest in getting their cert recognised by the core CAs. In that case, you will have to jump through some hoops in your download.
Radek BaranowskiFull-stack Java Developer
Commented:
Second, are there any examples how to use certificates if required?  For example, can I export  a web certificate from my browser and use that for LDAP authentication which is part of the framework?
no, you must have a private key - personal certificate. if you mean getting site cert from browser, you probably mean signer certificate which you can't use for authenticating yourself. you can only trust it (as it legitimates content you browse)
Dave HoweSoftware and Hardware Engineer
Commented:
CEHJ: Indeed so, in which case you need to add an exception (or the CA cert if it isn't self signed) manually to your solution. For most browsers this is a simple process, but for java that is significantly harder (to the extent most users won't do it) and some scripting languages have their own keystore dirs or file formats.

http://code.google.com/p/keytool-iui/ is an excellent (but barely known) tool for java; http://sourceforge.net/projects/xca/ is a good tool for creation and manipulation of certificates (all the functionality of the command line openssl tools, but in a gui :)

Explore More ContentExplore courses, solutions, and other research materials related to this topic.