Thursday, 31 March 2016

SSL - Secure Sockets Layer

Encryption Algorithm


Asymmetric encryption: (one-way encryption, low performance)

Public key
Private key


Symmetric encryption: (high speed)

ICICI  ---->   <----- public ------ CA (certifying authority)

Every browser would get certified by the CA, where the CA performs background checks and gives a clean chit to the browser. When the browser gets the digital signatures from the CA, browsers treat them as secured sites, and we can believe that our transactions with the site will be genuine, authenticated, faithful and believable.

All the browser needs to understand CA (Verizon) and


There is a cross mark which tells us that the site is not registered with a CA and may be harmful.



Implementing SSL
1) Key store -> public/private key
2) public/private key generation

jdk -> key store

3) Turn on your JBoss SSL connector
4) Point your SSL connector to the keystore.


1) C:\Users\edi5752>keytool -genkey -alias optum -keyalg RSA -keystore C:\Users\edi5752\Documents\vamsi\optum.keystore
Enter keystore password:
Keystore password is too short - must be at least 6 characters
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  vamshi krishna
What is the name of your organizational unit?
  [Unknown]:  optum
What is the name of your organization?
  [Unknown]:  uhg
What is the name of your City or Locality?
  [Unknown]:  hyderabad
What is the name of your State or Province?
  [Unknown]:  india
What is the two-letter country code for this unit?
  [Unknown]:  91
Is CN=vamshi krishna, OU=optum, O=uhg, L=hyderabad, ST=india, C=91 correct?
  [no]:  yes

Enter key password for <optum>
        (RETURN if same as keystore password):
Re-enter new password:

C:\Users\edi5752>


Right now JBoss won't have any connector for HTTPS, so we need to add this connector to the web subsystem in JBoss.

<subsystem xmlns="urn:jboss:domain:web:2.2" default-virtual-server="default-host" native="false">
    <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
    <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" enabled="true">
        <ssl name="optum-ssl" key-alias="optum" password="123456" certificate-key-file="C:\Users\edi5752\Documents\vamsi\optum.keystore"/>
    </connector>
    <virtual-server name="default-host" enable-welcome-root="true">
        <alias name="localhost"/>
        <alias name="example.com"/>
    </virtual-server>
</subsystem>
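
A consistency check for the connector above, as an added example (not part of the original post and not JBoss code): it parses the web subsystem XML and reports an https connector whose <ssl> settings do not line up with the keytool step (alias, keystore path, password). The function name, the sample constant and the short weak-password list are assumptions made for illustration.

```python
"""Added example: audit the <ssl> settings of a JBoss web-subsystem https connector."""
import xml.etree.ElementTree as ET

WEB_NS = "urn:jboss:domain:web:2.2"  # namespace taken from the page's <subsystem> element

# Constructed sample: the page's subsystem, trimmed to its two connectors.
SAMPLE = r"""
<subsystem xmlns="urn:jboss:domain:web:2.2" default-virtual-server="default-host" native="false">
    <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
    <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" enabled="true">
        <ssl name="optum-ssl" key-alias="optum" password="123456" certificate-key-file="C:\Users\edi5752\Documents\vamsi\optum.keystore"/>
    </connector>
</subsystem>
"""

# Assumption: a short illustrative list, not an exhaustive dictionary.
WEAK_PASSWORDS = {"123456", "password", "changeit", "secret"}


def audit_https_connectors(xml_text, expected_alias):
    """Return a list of findings for every connector with scheme="https"."""
    root = ET.fromstring(xml_text)
    # iter() also finds connectors when a whole standalone.xml is passed in.
    https = [c for c in root.iter(f"{{{WEB_NS}}}connector") if c.get("scheme") == "https"]
    if not https:
        return ["no connector with scheme=https is defined"]
    findings = []
    for conn in https:
        name = conn.get("name", "?")
        ssl = conn.find(f"{{{WEB_NS}}}ssl")
        if ssl is None:
            findings.append(f"{name}: https connector has no <ssl> element")
            continue
        if not ssl.get("certificate-key-file"):
            findings.append(f"{name}: certificate-key-file (keystore path) is missing")
        if ssl.get("key-alias") != expected_alias:
            findings.append(f"{name}: key-alias {ssl.get('key-alias')!r} differs from keytool alias {expected_alias!r}")
        pw = ssl.get("password", "")
        if len(pw) < 6:  # keytool rejects keystore passwords under 6 characters
            findings.append(f"{name}: password is shorter than keytool's 6-character minimum")
        elif pw.lower() in WEAK_PASSWORDS:
            findings.append(f"{name}: keystore password is a well-known weak value stored in clear text")
    return findings


if __name__ == "__main__":
    for line in audit_https_connectors(SAMPLE, expected_alias="optum") or ["no findings"]:
        print(line)
```

Run against the configuration on this page, the only finding is the password: the alias and keystore path match the keytool command, but "123456" sits in clear text in the XML.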


If you are running your standalone in full mode
 
 
Understand what Layer 7 is, and understand what Auth code is, etc.

OSI model:

7.  Application layer
6.  Presentation layer
5.  Session layer
4.  Transport layer
3.  Network layer
2.  Data link layer
1.  Physical layer



