• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1043
  • Last Modified:

HTTPS Download Part 2

I previously asked a question how to download a file over https.  I was given 3 examples.

http://technojeeves.com/joomla/index.php/free/51-copying-streams
http://www.exampledepot.com/egs/java.net/Auth.html
http://stackoverflow.com/questions/1269359/downloading-a-file-over-https-over-java

One example uses password authentication but not one shows how to use certificates.

First, isn't a certificate required with https?

Second, are there any examples how to use certificates if required?  For example, can I export  a web certificate from my browser and use that for LDAP authentication which is part of the framework?
0
lcor
Asked:
lcor
6 Solutions
 
Paul MacDonaldDirector, Information SystemsCommented:
Certificates are used for HTTPS, but the negotiation takes place between the server, client, and certification authority.  I wouldn't expect you to have to do anything unless the certificates were self-issued in which case you might need to install the certificate on the client so it can be used.
0
 
CEHJCommented:
but not one shows how to use certificates.

That's because they're not required explicitly if they're legitimate. If they're not, then as paulmacd says, some explicit installation might be required, or the installation of a custom TrustManager
0
 
Dave HoweSoftware and Hardware EngineerCommented:
HTTPS will have a server certificate (which may or may not require you to have a CA to authenticate it) and optionally a client certificate (which again, may need a matching CA)

IF a https server requires a client cert, then it will supply a list of suitable CAs it will accept certs from, and your browser or download app is required to supply a client cert that is signed by one of the listed CAs.

however, client side certificates are unusual, and on the whole, server side certificates are verified by the standard CA list (and/or not verified for signature at all, as is the case for some TLS implementations)
0
On-Demand: Securing Your Wi-Fi for Summer Travel

Traveling this summer?Check out our on-demand webinar to learn about the importance of Wi-Fi security and 3 easy measures you can start taking immediately to protect your private data while using public Wi-Fi. Follow us today to learn more!

 
CEHJCommented:
and on the whole, server side certificates are verified by the standard CA list

Unless the institution from which you're downloading won't or can't invest in getting their cert recognised by the core CAs. In that case, you will have to jump through some hoops in your download.
0
 
Radek BaranowskiFull-stack Java DeveloperCommented:
Second, are there any examples how to use certificates if required?  For example, can I export  a web certificate from my browser and use that for LDAP authentication which is part of the framework?
no, you must have a private key - personal certificate. if you mean getting site cert from browser, you probably mean signer certificate which you can't use for authenticating yourself. you can only trust it (as it legitimates content you browse)
0
 
Dave HoweSoftware and Hardware EngineerCommented:
CEHJ: Indeed so, in which case you need to add an exception (or the CA cert if it isn't self signed) manually to your solution. For most browsers this is a simple process, but for java that is significantly harder (to the extent most users won't do it) and some scripting languages have their own keystore dirs or file formats.

http://code.google.com/p/keytool-iui/ is an excellent (but barely known) tool for java; http://sourceforge.net/projects/xca/ is a good tool for creation and manipulation of certificates (all the functionality of the command line openssl tools, but in a gui :)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now