Communication Security
The JNetStart client can connect to the server over a secure connection, which provides the following guarantees:
- The server is authenticated. If a client establishes a connection to the host yourdomain.com, it is practically impossible for an attacker to impersonate your server and accept client connections in place of your legitimate server. Server authentication is accomplished using public key cryptography;
- The messages exchanged between the client and the server are encrypted;
- A message digest is appended to each exchanged message. The digest is used to verify the integrity of the message, so that an attacker cannot inject forged messages, or tamper with messages in transit, towards either the client or the server.
Without server authentication, encryption and message digests, an attacker can replace the legitimate server with one under their control, either to harvest passwords or to substitute a modified version of the remote application that serves the attacker's purposes.
Certificate Installation
To enable communication security it is enough to install a server certificate.
Request a standard server certificate from a Certificate Authority and import it into the Java keystore file JNS_ROOT/server/security/PrivateKey.keystore under the alias local. The password of the keystore must be password.
Use the Java keytool command to import the certificate:
> keytool -import -file certificate_file.cert -alias local -keypass password \
-keystore PrivateKey.keystore -storepass password
Import the CA's reply into the same alias that already holds the key pair from which the certificate request was generated: importing a certificate into an empty alias creates a trusted-certificate entry with no private key, which the server cannot use to accept connections. Because the keystore password is fixed, the confidentiality of the private key rests entirely on the file itself, so restrict read access to PrivateKey.keystore to the account the server runs as.
The server looks for the certificate at startup and, if it is found, enables communication security.
The same server certificate is used by the HTTPS service for its SSL connections.
The HTTPS service is enabled by configuring the HTTPS port in the server configuration file
JNS_ROOT/server/cfg/config.properties.
Secure Client
The client connects in secure mode when the parameter secure is set to true
for JNetStart plugin objects, or jnssecure for the JNetStart Applet and the Accendia Browser.
If no certificate is installed on the server, or the host name the client connects to does not
match the name in the server certificate, the connection fails with a security exception.
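The two failure modes described above (no usable key entry under the alias local, or a certificate whose name does not cover the host the client connects to) are both checkable before the server is started. The following pre-flight check is an added example, not part of JNetStart: it assumes the keystore is in the JKS format, that it lives at PrivateKey.keystore with the fixed password password, and that clients will connect to yourdomain.com; the class and method names are illustrative. It reports whether alias local actually holds a private key (as opposed to a trusted-certificate entry), whether the certificate is currently valid, and whether its dNSName subject alternative names (or, when there are none, the subject CN) match the host, using the usual rule that a leading "*." covers exactly one leftmost label.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

/**
 * Pre-flight check for the JNetStart server keystore (hypothetical helper,
 * not part of JNetStart). Verifies what the server needs at startup: the
 * keystore opens with the fixed password, alias "local" holds a private key,
 * the certificate is currently valid, and its names cover the host clients
 * will connect to (otherwise the secure client fails with a security exception).
 */
public class KeystoreCheck {

    static final String ALIAS = "local";            // alias required by the server
    static final char[] PASSWORD = "password".toCharArray(); // fixed keystore password

    /** Returns a list of problems; an empty list means the keystore is ready. */
    public static List<String> check(KeyStore ks, String host) throws Exception {
        List<String> problems = new ArrayList<>();
        if (!ks.containsAlias(ALIAS)) {
            problems.add("alias '" + ALIAS + "' not found");
            return problems;
        }
        if (!ks.isKeyEntry(ALIAS)) {
            // keytool -import into an empty alias produces exactly this: a cert without a key
            problems.add("alias '" + ALIAS + "' holds a trusted certificate only, no private key; "
                + "import the CA reply into the alias that holds the key pair");
        }
        Certificate cert = ks.getCertificate(ALIAS);
        if (!(cert instanceof X509Certificate)) {
            problems.add("certificate under '" + ALIAS + "' is not X.509");
            return problems;
        }
        X509Certificate x509 = (X509Certificate) cert;
        try {
            x509.checkValidity(); // throws if expired or not yet valid
        } catch (CertificateException e) {
            problems.add("certificate not currently valid: " + e.getMessage());
        }
        if (!matchesHost(x509, host)) {
            problems.add("certificate names do not cover host '" + host + "'");
        }
        return problems;
    }

    /** True if a dNSName SAN (or, when the cert has no SANs, the subject CN) matches host. */
    static boolean matchesHost(X509Certificate cert, String host) throws Exception {
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans != null) {
            for (List<?> san : sans) {
                // GeneralName type 2 is dNSName; other types (IP, email, ...) are ignored here
                if (((Integer) san.get(0)) == 2 && nameMatches((String) san.get(1), host)) return true;
            }
            return false; // SANs present but none match: CN must not be consulted
        }
        String dn = cert.getSubjectX500Principal().getName();
        for (String part : dn.split(",")) {
            part = part.trim();
            if (part.startsWith("CN=")) return nameMatches(part.substring(3), host);
        }
        return false;
    }

    /** Case-insensitive match; a leading "*." matches exactly one leftmost label. */
    static boolean nameMatches(String pattern, String host) {
        pattern = pattern.toLowerCase();
        host = host.toLowerCase();
        if (pattern.startsWith("*.")) {
            int dot = host.indexOf('.');
            return dot > 0 && host.substring(dot + 1).equals(pattern.substring(2));
        }
        return pattern.equals(host);
    }

    public static void main(String[] args) throws Exception {
        String path = args.length > 0 ? args[0] : "PrivateKey.keystore"; // assumed location
        String host = args.length > 1 ? args[1] : "yourdomain.com";      // assumed client target
        KeyStore ks = KeyStore.getInstance("JKS");                        // assumed keystore type
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, PASSWORD); // wrong password fails here with an IOException
        }
        List<String> problems = check(ks, host);
        if (problems.isEmpty()) {
            System.out.println("OK: keystore ready for host " + host);
        } else {
            problems.forEach(p -> System.out.println("PROBLEM: " + p));
            System.exit(1);
        }
    }
}
```

Run it from JNS_ROOT/server/security as `java KeystoreCheck PrivateKey.keystore yourdomain.com` before starting the server. When SANs are present the CN is deliberately not consulted, which is how modern TLS clients behave; a certificate whose only name lives in the CN may still be rejected by such clients even if this check passes.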