Solved

HTTPS Download Part 2

Posted on 2012-08-14
Last Modified: 2012-08-16
I previously asked a question about how to download a file over https. I was given 3 examples.

http://technojeeves.com/joomla/index.php/free/51-copying-streams
http://www.exampledepot.com/egs/java.net/Auth.html
http://stackoverflow.com/questions/1269359/downloading-a-file-over-https-over-java

One example uses password authentication but not one shows how to use certificates.

First, isn't a certificate required with https?

Second, are there any examples of how to use certificates if required? For example, can I export a web certificate from my browser and use that for LDAP authentication which is part of the framework?
Question by:lcor
6 Comments
 

Accepted Solution

by:
Paul MacDonald earned 336 total points
ID: 38292397
Certificates are used for HTTPS, but the negotiation takes place between the server, client, and certification authority. I wouldn't expect you to have to do anything unless the certificates were self-issued, in which case you might need to install the certificate on the client so it can be used.

Assisted Solution

by:CEHJ
CEHJ earned 668 total points
ID: 38292540
"but not one shows how to use certificates."

That's because they're not required explicitly if they're legitimate. If they're not, then as paulmacd says, some explicit installation might be required, or the installation of a custom TrustManager.

Assisted Solution

by:Dave Howe
Dave Howe earned 664 total points
ID: 38292631
HTTPS will have a server certificate (which may or may not require you to have a CA to authenticate it) and optionally a client certificate (which again, may need a matching CA).

If an https server requires a client cert, then it will supply a list of suitable CAs it will accept certs from, and your browser or download app is required to supply a client cert that is signed by one of the listed CAs.

However, client side certificates are unusual, and on the whole, server side certificates are verified by the standard CA list (and/or not verified for signature at all, as is the case for some TLS implementations).

Assisted Solution

by:CEHJ
CEHJ earned 668 total points
ID: 38292657
"and on the whole, server side certificates are verified by the standard CA list"

Unless the institution from which you're downloading won't or can't invest in getting their cert recognised by the core CAs. In that case, you will have to jump through some hoops in your download.

Assisted Solution

by:Radek Baranowski
Radek Baranowski earned 332 total points
ID: 38294042
"Second, are there any examples how to use certificates if required? For example, can I export a web certificate from my browser and use that for LDAP authentication which is part of the framework?"

No, you must have a private key - personal certificate. If you mean getting the site cert from the browser, you probably mean the signer certificate, which you can't use for authenticating yourself. You can only trust it (as it legitimates the content you browse).

Assisted Solution

by:Dave Howe
Dave Howe earned 664 total points
ID: 38295188
CEHJ: Indeed so, in which case you need to add an exception (or the CA cert if it isn't self-signed) manually to your solution. For most browsers this is a simple process, but for Java that is significantly harder (to the extent most users won't do it) and some scripting languages have their own keystore dirs or file formats.

http://code.google.com/p/keytool-iui/ is an excellent (but barely known) tool for Java; http://sourceforge.net/projects/xca/ is a good tool for creation and manipulation of certificates (all the functionality of the command line openssl tools, but in a GUI :)
0


Question has a verified solution.
