SSL, TLS, keystores, and certificates

Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), are protocols that enable clients and servers to communicate over a secure connection. SSL itself is obsolete and should be disabled wherever possible; current deployments use TLS, although the name SSL is still commonly used for both. These protocols use certificates to validate the identity of the server and, optionally, of the client. Certificates, and the private keys that belong to them, are contained in keystores.

SSL and TLS are standard protocols for secure communication between web browsers and application servers, such as Rational DOORS Web Access. They are also used for secure communication between the Rational DOORS client and the database server. With SSL and TLS, the two sides agree on a session key during the handshake; after that, data is encrypted by the sender, transmitted, and decrypted by the receiver before it is processed. Both the client and the server encrypt everything they send, so traffic is protected in both directions.

SSL and TLS also provide authentication. During the handshake, the server presents the client with credentials in the form of a certificate. The client checks that the certificate was issued by a certificate authority (CA) it trusts, that it has not expired, and that the name in the certificate matches the host the client intended to reach; together, those checks provide assurance of the identity of the site. The server might also request a certificate from the client, in which case the same checks run in the other direction. Certificates are contained in keystores: a party's keystore holds its own certificate and private key, and its truststore holds the CA and peer certificates that it is willing to trust.

A certificate is signed by its issuer with a digital signature computed with the issuer's private key; the signature does not encrypt the certificate, it lets anyone holding the issuer's public key verify that the certificate has not been altered. Typically, you purchase a certificate from a well-known certificate authority (CA) vendor, such as VeriSign or Thawte. Clients can verify such certificates electronically without contacting you, because they already hold the CA's root certificate in their truststore.

In some cases, such as in test environments, verifying the server's identity through a public CA is not a concern. For those cases, Java includes a keytool command-line utility that you can use to create a keystore and a self-signed certificate. A self-signed certificate is signed with its own private key rather than by a CA, so clients do not trust it by default: you must import it explicitly into each client's truststore, and you should confirm its fingerprint out of band before doing so. Such certificates belong in test environments only.
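The following script is an added example, not part of the Rational DOORS documentation or product, that walks through the keytool procedure described above and the trust relationship described under authentication: it creates a server keystore with a self-signed certificate, exports the certificate (public part only), prints its fingerprint for out-of-band comparison, and imports it into a separate client truststore. The host name, aliases, file names, and the password are assumptions chosen for the example.

```shell
#!/bin/sh
# Added example (not IBM's code): build a test-only server keystore with a
# self-signed certificate and a matching client truststore using the JDK
# keytool. Requires a JDK on PATH. Host name, aliases, file names and the
# password below are assumptions for this example.
set -eu

KS_DIR="${KS_DIR:-./tls-test}"     # assumed working directory for the stores
HOST="doors-test.example.com"      # assumed server host name (CN and SAN)
STOREPASS="changeit"               # test-only password; never reuse it

make_test_keystore() {
    mkdir -p "$KS_DIR"
    # 1. Server keystore: 2048-bit RSA key pair plus a self-signed
    #    certificate. The SAN extension matters: clients match the host
    #    name against the SAN, not the CN, so a certificate without it
    #    fails host-name verification even if the CN is right.
    keytool -genkeypair -storetype PKCS12 -keystore "$KS_DIR/server.p12" \
        -storepass "$STOREPASS" -keypass "$STOREPASS" -alias server \
        -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -validity 365 \
        -dname "CN=$HOST, OU=Test, O=Example, C=US" \
        -ext "SAN=dns:$HOST"
    # 2. Export only the certificate in PEM form; the private key never
    #    leaves server.p12.
    keytool -exportcert -keystore "$KS_DIR/server.p12" \
        -storepass "$STOREPASS" -alias server -rfc \
        -file "$KS_DIR/server.pem"
    # 3. Client truststore: the self-signed certificate is trusted only
    #    because it is imported here explicitly; no CA vouches for it.
    keytool -importcert -storetype PKCS12 \
        -keystore "$KS_DIR/client-truststore.p12" -storepass "$STOREPASS" \
        -alias doors-test-server -noprompt -file "$KS_DIR/server.pem"
}

# SHA-256 fingerprint of the exported certificate. Compare this value with
# the one shown on the server before importing the certificate anywhere;
# it is the only thing that ties a self-signed certificate to its origin.
cert_fingerprint() {
    keytool -printcert -file "$KS_DIR/server.pem" | grep 'SHA256:'
}

# Subject of the certificate now held in the client truststore, so a
# caller can confirm the expected host name is the one being trusted.
trusted_subject() {
    keytool -list -v -keystore "$KS_DIR/client-truststore.p12" \
        -storepass "$STOREPASS" -alias doors-test-server | grep '^Owner:'
}

# Run the procedure when executed directly; report if no JDK is available.
if command -v keytool >/dev/null 2>&1; then
    make_test_keystore
    cert_fingerprint
    trusted_subject
else
    echo "keytool not found on PATH; install a JDK to run this example" >&2
fi
```

To make a Java client use the resulting truststore instead of the JVM's default CA bundle, start it with `-Djavax.net.ssl.trustStore=client-truststore.p12 -Djavax.net.ssl.trustStorePassword=changeit`; a client started without those properties rejects the self-signed certificate, which is the behaviour you want outside the test environment.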
