I can't understand the general scheme of using certificates.
For example: I have an account on some website. I have a name and password. What should I do to log in to this site? I should open https://website:443/login and fill out the fields, and if all is OK, I'll obtain admittance.
Now I would like to perform these steps programmatically using Java + HttpClient (Apache). I've written:
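```java
// Classes are from Apache HttpClient 4.x (org.apache.http.*); ADDRESS, PORT,
// USERNAME and USERPWD are constants defined elsewhere in the application.
DefaultHttpClient client = new DefaultHttpClient();
// Keep session cookies between requests
client.getParams().setParameter(ClientPNames.COOKIE_POLICY,
        CookiePolicy.BEST_MATCH);
client.setCookieStore(new BasicCookieStore());
// Credentials offered when the server sends an HTTP authentication challenge
client.getCredentialsProvider()
        .setCredentials(new AuthScope(ADDRESS, new Integer(PORT)),
                new UsernamePasswordCredentials(USERNAME, USERPWD));
```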
And I should create a trustStore with the server's certificate:
```java
System.setProperty("javax.net.ssl.trustStore", "./KeyStore/myca");
```
where 'myca' was made with 'InstallCert.java' - Sun's product.
But I would like to perform all these steps programmatically, like a browser (FFox or Opera) imports the server's certificate... The user just wants to use only my application, not a set of additional applications.
How can I do this?
And now, the main problem: why do servers not require a user's certificate? And how can I use my own certificate to authenticate? (If I have a user's certificate, will I not need a 'name' and 'password' to log in to the server?)
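
The following is an added example, not part of the original post: it builds an `SSLContext` in code from a trust store (which server certificates to accept) and, optionally, a client key store (the user's own certificate), using only standard JSSE classes instead of the `javax.net.ssl.trustStore` system property. The class name `TlsContextExample`, the helpers `load` and `build`, and the file names passed as arguments are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class TlsContextExample {

    /** Loads a keystore file of the given type ("JKS" or "PKCS12"). */
    static KeyStore load(String type, String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    /**
     * trust      : certificates the client accepts from servers (null = the JRE's default CAs).
     * clientKeys : the user's certificate and private key (null = no client certificate).
     */
    static SSLContext build(KeyStore trust, KeyStore clientKeys, char[] keyPassword) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);

        KeyManager[] keyManagers = null;
        if (clientKeys != null) {
            KeyManagerFactory kmf =
                    KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(clientKeys, keyPassword);
            // The certificate is sent only if the server asks for one during the TLS handshake.
            keyManagers = kmf.getKeyManagers();
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(keyManagers, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Optional arguments (hypothetical file names): trust.jks trustPass client.p12 clientPass
        KeyStore trust = args.length >= 2 ? load("JKS", args[0], args[1].toCharArray()) : null;
        char[] keyPass = args.length >= 4 ? args[3].toCharArray() : null;
        KeyStore client = args.length >= 4 ? load("PKCS12", args[2], keyPass) : null;
        SSLContext ctx = build(trust, client, keyPass);
        System.out.println("protocol=" + ctx.getProtocol() + ", client certificate configured=" + (client != null));
    }
}
```

The resulting context's `getSocketFactory()` can be handed to an HTTPS client, for example through `HttpsURLConnection.setSSLSocketFactory`. Run without arguments, it uses the JRE's default trust anchors and configures no client certificate.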