views:

336

answers:

1

Hello, I have developed a REST service with Apache Jersey, running on Tomcat.

It works OK, but now I have to securize it using data obtained from a X.509 client certificate. I don't know where to start...

Could you guys give me some advices?? Thank you for your valuable help.

A: 

As a starting point, you need Tomcat to perform certificate validation. There are tutorials on how to do that, here and here.

Martin v. Löwis
If you just want to make sure that the data is encrypted and cannot be intercepted or tampered with during transmission, then you just need to configure the server certificate for 1-way SSL(and not worry about client certificates). The SSL How-To should get you going.
Mads Hansen