All geek questions in one place

Access the SSL private key from the servlet

I run Apache Tomcat locally and install the self-signed certificate using OpenSSL. I also have a servlet.

I want to do the following: The servlet accepts POST parameters and will return parameters signed using the PrivateKey server. That is, process the input parameter as an integer and raise it to the level of the secret key.

Problem: Is it possible to access the PrivateKey server from the servlet? If it is hosted on any other hosting, it may not be possible to obtain it directly. So, is there a way so that I can request that the server "sign" some part of the data with its private key?

Thanks in advance.

+3
source share
4 answers

It depends on how you configure the container. In general, the SSL container configuration will not be accessible to the servlet that it contains. For example, in Apache Tomcat, the configuration of this SSL connector can be completely independent of the settings available to the servlet. (In addition, SSL can be processed by the APR or the Apache Httpd interface, for example, which will not have much to do with the configuration of the Java keystore).

You will probably be able to access the keystore if they are configured using properties javax.net.ssl.*. However, this is not necessarily a way to configure the SSLContextserver connector. It is generally not recommended to pass these parameters on the command line or in a production environment.

, , , , , , , . , , Tomcat , .

, , - ( ). , , SSL , ( ).

+1

weberver, , - , , API-!

- ( ), - . , , , , .

+2

Java, , .

0

A servlet can access any data on your computer, including keys. The only situation may be when Apache and Tomcat work under different usernames, and the keys are blocked for access only by Apache username. You can do the trick in this case as a process under the Apache username and read the file.

0
source

Source: https://habr.com/ru/post/1772043/

More articles:


All Articles