Installation manual

Mutual authentication
Exchange of identification through public-key certificates. The client and
server identities are encoded in public-key certificates, which contain the
following components:
- Subject's distinguished name
- Issuer's distinguished name
- Subject's public key
- Issuer's signature
- Validity period
- Serial number
You can also use secure HTTP (HTTPS) to ensure that a client's security
information is not compromised as it is downloaded from a server.
An SSL session is established in the following sequence:
1. The client and the server exchange hello messages to negotiate the encryption
algorithm and hashing function (for message integrity) to be used for the SSL
session.
2. The client requests an X.509 certificate from the server to prove its identity.
Optionally, the server can request a certificate from the client. Certificates are
verified by checking the certificate format and the validity dates and by
verifying that the certificate includes the signature of a trusted certificate
authority (or is self-signed).
3. The client randomly generates a set of keys that is used for encryption. The
keys are encrypted with the server's public key and securely communicated to
the server.
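The certificate components listed above and the verification step of the session sequence (format, validity dates, and a signature from a trusted certificate authority) can be exercised with the openssl command-line tool. The script below is an added example, not part of the Host On-Demand manual: it creates a self-signed root certificate, issues a server certificate signed by that root, prints the components the manual lists, and then verifies the server certificate once against the root that issued it and once against an unrelated root, which must be rejected. The names hod-root, other-root and hod.example.com are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the Host On-Demand manual). Assumes the openssl
# command-line tool is installed; all names and directories are constructed.

# make_ca DIR NAME: create a self-signed root (CA) certificate and private key.
# The config marks the certificate as a CA so it can sign other certificates.
make_ca() {
    dir=$1; name=$2
    cat > "$dir/$name.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3_ca
[dn]
CN = $name
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 3650 \
        -config "$dir/$name.cnf" -keyout "$dir/$name.key" -out "$dir/$name.crt" \
        >/dev/null 2>&1
}

# make_server_cert DIR CA HOST: generate a server key and request, then have
# CA sign it. The issued certificate is not itself a CA and names its host.
make_server_cert() {
    dir=$1; ca=$2; host=$3
    cat > "$dir/$host.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
[dn]
CN = $host
EOF
    cat > "$dir/$host.ext" <<EOF
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host
EOF
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/$host.cnf" \
        -keyout "$dir/$host.key" -out "$dir/$host.csr" >/dev/null 2>&1 &&
    openssl x509 -req -in "$dir/$host.csr" -CA "$dir/$ca.crt" -CAkey "$dir/$ca.key" \
        -CAcreateserial -days 365 -extfile "$dir/$host.ext" -out "$dir/$host.crt" \
        >/dev/null 2>&1
}

# verify_cert DIR CA HOST: succeed only if DIR/HOST.crt parses as X.509,
# has not expired, names HOST, and carries a signature chaining to DIR/CA.crt.
verify_cert() {
    dir=$1; ca=$2; host=$3
    # 1. certificate format: the file must parse as an X.509 certificate
    openssl x509 -in "$dir/$host.crt" -noout >/dev/null 2>&1 &&
    # 2. validity period: exit status is non-zero once notAfter has passed
    openssl x509 -in "$dir/$host.crt" -noout -checkend 0 >/dev/null 2>&1 &&
    # 3. trusted issuer signature (and dates again), plus the host name
    openssl verify -CAfile "$dir/$ca.crt" -verify_hostname "$host" \
        "$dir/$host.crt" >/dev/null 2>&1
}

# cert_summary DIR HOST: print the components the manual lists; the public
# key and the issuer's signature are visible with 'openssl x509 -text'.
cert_summary() {
    openssl x509 -in "$1/$2.crt" -noout -subject -issuer -serial -startdate -enddate
}

WORK=$(mktemp -d)
make_ca "$WORK" hod-root
make_ca "$WORK" other-root
make_server_cert "$WORK" hod-root hod.example.com
cert_summary "$WORK" hod.example.com
if verify_cert "$WORK" hod-root hod.example.com; then
    echo "issued by trusted CA: accepted"
fi
if ! verify_cert "$WORK" other-root hod.example.com; then
    echo "issued by a CA not in the trust list: rejected"
fi
```

The negative check at the end is the one that matters in practice: a certificate that parses correctly and is within its validity period is still rejected when the CA that signed it is not in the verifier's list of trusted CAs, which is exactly what the list of CAs in the key database controls.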
Certificates, encryption, and authentication
Security is controlled by certificates that act as electronic ID cards. These are
usually issued by Certificate Authorities (CAs), which are organizations that are
trusted by the industry as a whole and whose business is the issuing of Internet
certificates. A CA's certificate, which is also known as a root certificate, includes
(among other things) the CA's signature and a validity period. For Host
On-Demand, you can use a CA's certificate, but you can also create and sign your
own. The purpose of a certificate is to assure a program or a user that it is safe to
allow the proposed connection and, if encryption is involved, to provide the
necessary encryption/decryption keys.
Encryption and authentication are performed by means of a pair of keys, one
public, one private. The public key is embedded into a certificate, known as a site
or server certificate. The certificate contains several items of information, including
the name of the Certificate Authority (CA) that issued the certificate, the name and
public key of the server or client, the CA's signature, and the date and serial
number of the certificate. The private key is created when you create a self-signed
certificate or a CA certificate request and is used to decrypt messages from clients.
To support SSL services, Host On-Demand uses two databases:
HODServerKeyDb.kdb
Is created the first time you configure SSL for the Host On-Demand
Redirector. This database contains the server's private key and certificate,
and a list of CAs. Because the CAs are included in the file, they are called
Chapter 9. Security 49