Web hosting account - Chapter 23 . Running a Linux, Apache, MySQL,

Chapter 23. Running a Linux, Apache, MySQL, and PHP (LAMP) Server

During connection establishment between an SSL client and an SSL server, asymmetric (public key) cryptography is used to verify identities and establish the session parameters and the session key. A symmetric encryption algorithm, such as DES or RC4, is then used with the negotiated key to encrypt the data that are transmitted during the session. The use of asymmetric encryption during the handshaking phase allows safe communication without the use of a preshared key, and the symmetric encryption is faster and more practical for use on the session data.

In order for the client to verify the identity of the server, the server must have a previously generated private key, as well as a certificate containing the public key and information about the server. This certificate must be verifiable using a public key that is known to the client. In some cases, the server also requires the client to present a certificate that it can verify. However, this is not commonly found on Web servers, except in high-security environments with smaller numbers of clients, where the management of certificates is more practical. More information about the SSL protocol can be found at http://developer.netscape.com/docs/manuals/security/sslin/contents.htm.

Certificates are generally digitally signed by a third-party certificate authority (CA) that has verified the identity of the requester and the validity of the request to have the certificate signed. In most cases, the CA is a company that has made arrangements with the Web browser vendor to have its own certificate installed and trusted by default client installations. The CA then charges the server operator for its services. Commercial certificate authorities vary in price, features, and browser support, but remember that price is not always an indication of quality.
Some common ones include InstantSSL (www.instantssl.com), Thawte (www.thawte.com), and VeriSign (www.verisign.com).

You also have the option of creating self-signed certificates, although these should only be used for testing or when a very small number of people will be accessing your server and you do not plan to have certificates on multiple machines. Directions for generating a self-signed certificate are included in the following section.

The last option is to run your own certificate authority. This is probably only practical if you have a small number of expected users and the means to distribute your CA certificate to them (including assisting them with installing it in their browsers). The process for creating a CA is too elaborate to cover in this book but is a worthwhile alternative to generating self-signed certificates. Guides on running your own CA can be found at these sites:

http://pseudonym.org/ssl/ssl_cook.html
http://sial.org/howto/openssl/ca/
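The three trust arrangements described above (a CA-signed server certificate, a self-signed certificate, and a private CA whose certificate clients install themselves) can be reproduced with the openssl command line. The script below is an added example and is not from the book; it assumes openssl 1.1.1 or later is on PATH, and every name, hostname and file path in it is constructed for the demonstration.

```shell
# Added example (not from the book): a tiny private CA built with openssl,
# a server certificate it signs, and the check a client performs on each
# certificate against the CA public key it already trusts.
# Assumes openssl 1.1.1+ on PATH; all names and hostnames are constructed.
set -eu
WORK="${WORK:-$(mktemp -d)}"
cat > "$WORK/ssl.cnf" <<'EOF'
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3_ca
[dn]
CN = Example Private CA
[v3_ca]
basicConstraints = critical,CA:TRUE
[v3_server]
basicConstraints = CA:FALSE
subjectAltName = DNS:www.example.com
EOF

# CA key and self-signed CA certificate: the trust anchor clients must hold,
# like a vendor's CA certificate pre-installed in a browser.
make_ca() {
  openssl req -x509 -config "$WORK/ssl.cnf" -newkey rsa:2048 -nodes \
    -days 365 -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# Server key and signing request; the CA signs it, vouching for the host.
issue_server_cert() {
  openssl req -config "$WORK/ssl.cnf" -subj "/CN=www.example.com" \
    -newkey rsa:2048 -nodes -keyout "$WORK/server.key" \
    -out "$WORK/server.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/server.csr" -CA "$WORK/ca.crt" \
    -CAkey "$WORK/ca.key" -CAcreateserial -days 365 \
    -extfile "$WORK/ssl.cnf" -extensions v3_server \
    -out "$WORK/server.crt" 2>/dev/null
}

# Self-signed server certificate: only the server itself vouches for it.
make_self_signed() {
  openssl req -x509 -config "$WORK/ssl.cnf" -extensions v3_server \
    -subj "/CN=www.example.com" -newkey rsa:2048 -nodes -days 365 \
    -keyout "$WORK/self.key" -out "$WORK/self.crt" 2>/dev/null
}

# verify_cert <trusted-cert> <cert>: exit 0 only if <cert> chains to <trusted-cert>.
verify_cert() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}
```

Against the CA certificate, the CA-issued server certificate verifies and the self-signed one does not; the self-signed certificate verifies only when the client has installed that very certificate as its trust anchor, which is the manual distribution step the chapter warns about.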
