blocks|key|1147963|text|我的意思是，在我的JAR中，我还需要做额外的工作吗，比如使用|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1147964|加密扩展API通过still手动加密我的数据？|blockquote|1147965|1147966|1147967|将为您完成加密(使用Java安全套接字扩展)。只需使用https://建立连接即可。也许可以看看更高级的应用程序接口的HTTP+Client。|offset|length|style|CODE|1147968|顺便说一句，证书在服务器端(除非您也想进行客户端身份验证，在这种情况下，您还需要一个客户端证书)。|1147969|是的，您可以使用自签名证书，但使用由著名的证书颁发机构(CA)+(如Verisign、Thawte等)签名的证书的好处之一是，您不必将其添加到客户端VM的信任存储中(除非您禁用验证机制)。|1147970|entityMap|0|LINK|mutability|MUTABLE|url|http://hc.apache.org/httpclient-3.x/sslguide.html^0|0|0|0|0|R|8|1N|B|0|0|0|0^^$0|@$1|2|3|4|5|6|7|Y|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|Z|8|@]|9|@]|A|$]]|$1|E|3|-4|5|6|7|10|8|@]|9|@]|A|$]]|$1|F|3|-4|5|6|7|11|8|@]|9|@]|A|$]]|$1|G|3|H|5|6|7|12|8|@$I|13|J|14|K|L]]|9|@$I|15|J|16|1|17]]|A|$]]|$1|M|3|N|5|6|7|18|8|@]|9|@]|A|$]]|$1|O|3|P|5|6|7|19|8|@]|9|@]|A|$]]|$1|Q|3|-4|5|6|7|1A|8|@]|9|@]|A|$]]]|R|$S|$5|T|U|V|A|$W|X]]]]

<blockquote>
 I mean in my JAR, will I still need to do extra work like use Java encryption extensions API to manually encrypt my data over the SSL connection?
</blockquote>

Encryption will be done for you (with the Java Secure Socket Extension). Just establish your connection using <code>https://</code>. Maybe have a look at <a href="http://hc.apache.org/httpclient-3.x/sslguide.html" rel="nofollow noreferrer">HTTP Client</a> for a higher level API.

By the way, the certificate goes on the server side (unless you want to do client-authentication too in which case, well, you'll need a client certificate too).

And yes, you could use a self-signed certificate but one of the benefits of using a certificate signed by a well known Certificate Authority (CA) like Verisign, Thawte, etc is that you won't have to add it to the trust store of the client VM (unless you disable the verification mechanism).

blocks|key|4877193|text|按照SSL+Configuration+HOW-TO了解如何设置https。|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|4877194|entityMap|0|LINK|mutability|MUTABLE|url|http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html^0|2|O|0|0^^$0|@$1|2|3|4|5|6|7|L|8|@]|9|@$A|M|B|N|1|O]]|C|$]]|$1|D|3|-4|5|6|7|P|8|@]|9|@]|C|$]]]|E|$F|$5|G|H|I|C|$J|K]]]]

Follow the <a href="http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html" rel="nofollow noreferrer">SSL Configuration HOW-TO</a> on how to setup https.

blocks|key|3408384|text|如果你的目标只是获得加密，你不需要购买证书。你可以做你自己的。购买证书只会创建返回到verisign+(或任何人)的验证链，给用户一个温暖的模糊，表明你真的是你所说的那个人。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|3408385|entityMap^0|0^^$0|@$1|2|3|4|5|6|7|D|8|@]|9|@]|A|$]]|$1|B|3|-4|5|6|7|E|8|@]|9|@]|A|$]]]|C|$]]

If your goal is just to get the encryptian, you don't need to buy a certificate. You can make your own. Buying a certificate just creates the verification chain back to verisign (or whomever) to give users a warm fuzzy that you're really who you say you are.

blocks|key|4877166|text|SSLSocket应该会为您处理大部分工作。|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|4877167|entityMap|0|LINK|mutability|MUTABLE|url|http://stilius.net/java/java_ssl.php^0|0|9|0|0^^$0|@$1|2|3|4|5|6|7|L|8|@]|9|@$A|M|B|N|1|O]]|C|$]]|$1|D|3|-4|5|6|7|P|8|@]|9|@]|C|$]]]|E|$F|$5|G|H|I|C|$J|K]]]]

<a href="http://stilius.net/java/java_ssl.php" rel="nofollow noreferrer">SSLSocket</a> should handle most of the work for you.

blocks|key|1147928|text|根据定义，所有通过SSL发送的数据都是加密的，您根本不需要担心加密。此外，您不需要通过证书来实现这一点:您可以自己颁发证书。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1147929|entityMap^0|0^^$0|@$1|2|3|4|5|6|7|D|8|@]|9|@]|A|$]]|$1|B|3|-4|5|6|7|E|8|@]|9|@]|A|$]]]|C|$]]

All data sent over SSL is by definition encrypted, you do not need to worry about encryption at all. Also, you do not need to by a certificate to achieve that: you can issue one on your own.

blocks|key|1092259|text|如果您将在Tomcat上设置SSL并通过HTTPS发送数据，那么加密将为您完成。但是如果你只需要加密你的数据通道，你实际上不需要购买证书，你可以生成一个自签名证书。请看一下http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html页面，了解如何为Tomcat配置SSL。但请注意，HTTPS可以配置为根本不使用加密(至少在Apache+httpd上)。|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|1092260|entityMap|0|LINK|mutability|MUTABLE|url|http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html^0|2E|1I|0|0^^$0|@$1|2|3|4|5|6|7|L|8|@]|9|@$A|M|B|N|1|O]]|C|$]]|$1|D|3|-4|5|6|7|P|8|@]|9|@]|C|$]]]|E|$F|$5|G|H|I|C|$J|K]]]]

If you'll set up the SSL on Tomcat and send your data over HTTPS then the encryption will be done for you. But you don't actually need to purchase a certificate if you only need encryption for your data channel, you could generate a self-signed certificate. Have a look at this page <a href="http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html" rel="nofollow noreferrer">http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html</a> on how to configure SSL for Tomcat. But note that HTTPS can be configured not to use encryption at all (at least on Apache httpd).

blocks|key|3408511|text|回答您的问题时，SSL实现会自动加密数据。您不需要担心使用额外的加密例程。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|3408512|购买SSL证书可能是最容易的，因为SSL实现使用公共根证书提供了简单的认证身份验证，并提供了验证服务。但是，您可以使用自签名证书来节省一些资金。|3408513|即使使用自签名证书，在连接到服务器时，从桌面应用程序验证服务器证书上的签名也很重要。这将防止中间人攻击。|3408514|您不必将您的自签名证书添加到存储中，因为您应该能够禁用自动验证机制并使用您自己的验证机制。|3408515|entityMap^0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|J|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|K|8|@]|9|@]|A|$]]|$1|D|3|E|5|6|7|L|8|@]|9|@]|A|$]]|$1|F|3|G|5|6|7|M|8|@]|9|@]|A|$]]|$1|H|3|-4|5|6|7|N|8|@]|9|@]|A|$]]]|I|$]]

To answer your question, SSL implementations automatically encrypt the data. You don't need to worry about using additional encryption routines.

It might be easiest to purchase an SSL certificate because SSL implementations provide easy certification authentication using common root certificates and provide a verification service. However, you could save some money by using a self-signed certificate.

Even with a self-signed certificate, it's important to validate the signature on the server certificate from the desktop application when you connect to the server. This will prevent man in the middle attacks.

You won't have to add your self signed certificate to the store because you should be able to disable the automatic verification mechanism and use your own.

I'm new to SSL connections so here goes my question.

I have a desktop Java program in a JAR file. This JAR sends sensitive information over the internet to a remote Tomcat server. Of course I need to encrypt the data.

If I purchase an SSL cerfiticate say from Verisign, will the data sent over SSL be automatically encrypted?

I mean in my JAR, will I still need to do extra work like use Java encryption extensions API to manually encrypt my data over the SSL connection?

Thank you.

SSL and Tomcat using Java

翻译质量差，导致语言生硬或混乱。

没有提供实际的解决方法或示例。

解答不清晰，无法理解或解决问题。

页面排版不美观，阅读体验差。

文章

问答

视频

学习中心

腾讯云实验室

直播

竞赛

腾讯云代码分析专区

腾讯iOA零信任安全管理系统专区

腾讯云架构师技术同盟交流圈

腾讯云数据库专区

腾讯云顾问专区

腾讯云原生专区

腾讯混元专区

腾讯云TCE专区

腾讯云Lighthouse专区

腾讯云HAI专区

腾讯云Edgeone专区

腾讯云存储专区

腾讯云智能专区

腾讯轻联专区 

腾讯云开发专区

TAPD专区

腾讯轻量云游戏服专区

腾讯云最具价值专家

腾讯云架构师技术同盟

腾讯云创作之星

腾讯云开发者先锋

腾讯云代码助手

云原生构建

TAPD 敏捷项目管理

Cloud Studio

SDK中心

API中心

命令行工具

涵盖代码开发、场景应用、自动测试全流程，助你从零构建专属AI助手

一站式MCP教程库，解锁AI应用新玩法

我是SSL连接的新手，所以我的问题来了。我在JAR文件中有一个桌面Java程序。此JAR通过internet将敏感信息发送到远程Tomcat服务器。当然，我需要加密数据。如果我从Verisign购买SSL证书，通过SSL发送的数据是否会自动加密？我的意思是，在我的JAR中，我还需要做额外的工作，比如使用Java加密扩展API通过SSL连接手动加密我的数据吗？谢谢。

问使用Java的SSL和Tomcat
EN

回答 7

Stack Overflow用户

Stack Overflow用户

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问使用Java的SSL和TomcatEN

回答 7

Stack Overflow用户

Stack Overflow用户

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问使用Java的SSL和Tomcat
EN