Set up skeleton. #5
public class Certs {
final String ROOT_CA = "";
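Review bot: `ROOT_CA` in `Certs` is declared `final String` with no `static` and no access modifier, and is initialised to an empty string, so nothing here says what it will hold (a PEM certificate, a file path, a keystore alias). If it is meant as a shared constant, declare it `private static final` and add a comment naming the expected format; if private key material is ever intended here, load it from a keystore at runtime rather than placing it in a source constant.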
Is there an intermediate CA key or is the root CA key going to sign certificates directly? (I would argue the former is safer.)
I don't think it makes a big difference in our small-scale example. Having an intermediate CA adds just another link in the chain. The system would be equally compromised because I think all the certificates will then be signed with the intermediate certificate?
public static void main( String[] args ) throws IOException {
HttpsServer srvr = new HttpsServer("",PORT_NUMBER);
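Review bot: in `main`, `new HttpsServer("",PORT_NUMBER)` passes an empty string as the first argument with no indication of what it means; if it is the bind hostname, pass an explicit value or a named constant so the listening interface is a visible decision. `main` also declares `throws IOException`, so a failure here ends the program with a bare stack trace; catching it and logging which port was involved would make start-up failures easier to diagnose.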
I'm guessing the way the server is started now it's HTTP and not HTTPS, right? We would need something like the following before starting the server:
server.makeSecure(NanoHTTPD.makeSSLSocketFactory("/keystore.jks", "password".toCharArray()), null);
Exactly, before srvr.start() is called, srvr.makeSecure() is executed with (probably) the root certificate used for the web server as well.
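The ordering discussed in this thread (`makeSecure()` before `start()`), written out as an added example that is not code from this PR. It assumes the server class extends NanoHTTPD 2.3.x (`fi.iki.elonen`) and runs on Java 11 or later; the class name `TlsServerExample`, the environment variable names and port 8443 are hypothetical.

```java
import fi.iki.elonen.NanoHTTPD;

import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;

// Hypothetical stand-in for the PR's HttpsServer, assumed to extend NanoHTTPD.
public class TlsServerExample extends NanoHTTPD {

    public TlsServerExample(String hostname, int port) {
        super(hostname, port);
    }

    @Override
    public Response serve(IHTTPSession session) {
        return newFixedLengthResponse("served over TLS\n");
    }

    public static void main(String[] args) throws IOException, GeneralSecurityException {
        // Assumed variable names; keeps the keystore password out of source control.
        String path = System.getenv("KEYSTORE_PATH");
        String pw = System.getenv("KEYSTORE_PASSWORD");
        if (path == null || pw == null) {
            throw new IllegalStateException("KEYSTORE_PATH and KEYSTORE_PASSWORD must be set");
        }
        char[] password = pw.toCharArray();

        // Load the keystore from the filesystem. The String overload of
        // makeSSLSocketFactory() resolves its path as a classpath resource instead.
        KeyStore keyStore = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            keyStore.load(in, password);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, password);

        TlsServerExample server = new TlsServerExample("localhost", 8443);
        // Must run before start(): start() creates the listening socket from the
        // configured factory. An explicit protocol list replaces the null argument.
        server.makeSecure(NanoHTTPD.makeSSLSocketFactory(keyStore, kmf),
                new String[] {"TLSv1.2", "TLSv1.3"});
        server.start(NanoHTTPD.SOCKET_READ_TIMEOUT, false); // non-daemon: keeps the JVM alive
    }
}
```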
No description provided.