Date: Mon, 01 Dec 1997 09:48:53 -0800
From: David Brownell <db@Eng>
To: "r1naray@IBMIN"@us.ibm.com
Subject: Re: Generation of Certificates using Servlets
CN=R, Narayan/OU=India/O=IBM wrote:
>
> Hello,
>
> We at IBM Global Services India are working on a project thats needs the
> genartion of certificates to be triggered remotely, through the Net. I
> understand from your pages that this could be possible with the use of
> Servlets, and I was wondering if you could give me more information about this.
> Any references to pages, or Whitepapers, etc will be grately appreciated.
> We are using the Domino GO webserver, which, incidentally has the Servlet and
> Beanbox support.
You need a variety of things:
- X.509 certificate APIs, to create the certificates;
- Key management APIs, to securely manage the private key
of the certificate issuer;
- User Interfaces supporting several different "enrollment"
procedures;
- Tools to securely manage your data, including a database
to store the certificates you create.
Servlets support part of the user interface; in particular, interacting
with web-based clients.
My advice: download a version of the Java Web Server and have a look
at the simple "CA Servlet", in the "servlets" directory. It uses some
private APIs for the X.509 and key management support, supports only a
single enrollment procedure (the one used by Netscape browsers), and
has no management support whatever. That is, it's not what you need,
but may be a useful way for you to learn what needs doing.
I think that the free Beta release of Java Web Server 1.1 is still
available through the Java Developer's Connection. You'll need an
SSL-enabled version. I don't know if you'll be able to run that servlet
in that Lotus web server, due to the status of X.509 and key management
APIs not yet being standard.
Best wishes,
- David Brownell
JavaSoft
> Regards,
> Narayan
> IBM Global Services India ltd.
> Bangalore
> India