ssl

How to properly secure remote API calls over SSL from PHP code

Lets make something clear from the very start: JUST BECAUSE THERE IS https:// IN THE URL OF THE REMOTE SERVICE IT DOES NOT MEAN THE CONNECTION IS SECURE!

I am sorry for the tone of this post but i am enraged by how popular this issue is online. If you ask why i suggest a little experiment.

Steps to follow

  • Change your host file settings to point something like www.somedomain.com to your development server
  • Create a self signed certificate for this domain and setup a https virtual host to serve it on local IP or alias
  • Put a test file on that URL

How to generate self signed SSL certificate for Glassfish v3 and import it into Java keyring

Java applications that use ssl to consume web services via jax-ws or use HTTP clients may check the SSL certificate of the server in runtime. In case if your certificate is self signed or Common Name of the certificate does not match the domain name you will get connection errors.

To be able to develop applications you may need to run them on dev/qa servers and then allow your Java application consume these services. To do it you will need to import their SSL certificates into your local Java keyring (the same way you add exception rules into your browser).

How to import self signed SSL certificate to Java keystore (adding https certificate)

If you are writing a Java or grails application and want to consume https web service or download something over SSL you may need to add the certificate manually to the keystore.

If your web service does not have properly signed certificate (like self signed ones) then you have no choice. Libraries may throw exception and you wont be able to access the resources. But no fear there is an easy way to fix it and add any SSL certificate to local keystore.

How to create self signed ssl certificate for apache2 web server

We often need to test some sites on local machine or development server. Its good to have ssl environment set so we could test all links etc. For that to work we need a ssl certificate for our apache server. Then we will be able to start apache mod ssl extension.

Syndicate content

About the author

Artur Ejsmont

Hi, my name is Artur Ejsmont,
welcome to my blog. I am a passionate software engineer living in Sydney and working for Yahoo!

Web Scalability for Startup Engineers

If you are into technology, you can order my book Web Scalability for Startup Engineers on Amazon. I would love to hear what are your thoughts so please feel free to drop me a line or leave a comment.

Follow my RSS