Thread: [Htmlunit-user] SSL Client Certificate

Java GUI-Less browser, supporting JavaScript, to run against web pages

Brought to you by: asashour, bradclarke, mbowler, mguillem, and 2 others

htmlunit-user

[Htmlunit-user] SSL Client Certificate

From: Tristan J. <tt7...@gm...> - 2016-08-23 05:33:21

I've been creating a program that will log into a given paypal account and
then navigate to the activities page to pull all the transactions on that
list to be displayed in a table. However, I'm wondering if the credentials
of the user that's logging in will be secure or not. Paypal of course uses
HTTPs/SSL etc. but my question is do I need to provide a certificate of my
own? If not then will the user name and password still be as safe as if I
was using my normal chrome browser? Would distributing this app make the
login credentials insecure (past the inherit ability to find them in the
source code).

It says here
<http://security.stackexchange.com/questions/110621/ssl-newbie-does-https-client-also-need-a-certificate>
that
I don't need to have one on my side but I'd just like to be absolutely sure.

 ~ Thank you in advance.

Re: [Htmlunit-user] SSL Client Certificate

From: Ahmed A. <asa...@ya...> - 2016-08-24 06:29:37

Hi,
There are two things, server Certificate and (optional) client certificate.
SSL ensures your password is secure.
You need to trust the server certificate only if it not trusted by its chain (in which case you would get an SSL exception).
You don't provider your own certificate, except if the server needs client certificate and yours is known to it.
Hope that helps,
Ahmed

From: Tristan Janicki <tt7...@gm...>
To: "htm...@li..." <htm...@li...>
Sent: Tuesday, August 23, 2016 7:33 AM
Subject: [Htmlunit-user] SSL Client Certificate

I've been creating a program that will log into a given paypal account and then navigate to the activities page to pull all the transactions on that list to be displayed in a table. However, I'm wondering if the credentials of the user that's logging in will be secure or not. Paypal of course uses HTTPs/SSL etc. but my question is do I need to provide a certificate of my own? If not then will the user name and password still be as safe as if I was using my normal chrome browser? Would distributing this app make the login credentials insecure (past the inherit ability to find them in the source code).
It says here that I don't need to have one on my side but I'd just like to be absolutely sure.
~ Thank you in advance.
------------------------------------------------------------------------------

_______________________________________________
Htmlunit-user mailing list
Htm...@li...
https://lists.sourceforge.net/lists/listinfo/htmlunit-user

Re: [Htmlunit-user] SSL Client Certificate

From: Tristan J. <tt7...@gm...> - 2016-08-24 07:32:50

Very helpful thank you very much. In this case it seems absolute that I do
not need to provide a client certificate (as PayPal has its own server side
one and would not recognize mine anyways)
On Aug 24, 2016 2:30 AM, "Ahmed Ashour" <asa...@ya...> wrote:

> Hi,
>
> There are two things, server Certificate and (optional) client certificate.
>
> SSL ensures your password is secure.
>
> You need to trust the server certificate only if it not trusted by its
> chain (in which case you would get an SSL exception).
>
> You don't provider your own certificate, except if the server needs client
> certificate and yours is known to it.
>
> Hope that helps,
> Ahmed
>
>
> ------------------------------
> *From:* Tristan Janicki <tt7...@gm...>
> *To:* "htm...@li..." <htmlunit-user@lists.
> sourceforge.net>
> *Sent:* Tuesday, August 23, 2016 7:33 AM
> *Subject:* [Htmlunit-user] SSL Client Certificate
>
> I've been creating a program that will log into a given paypal account and
> then navigate to the activities page to pull all the transactions on that
> list to be displayed in a table. However, I'm wondering if the credentials
> of the user that's logging in will be secure or not. Paypal of course uses
> HTTPs/SSL etc. but my question is do I need to provide a certificate of my
> own? If not then will the user name and password still be as safe as if I
> was using my normal chrome browser? Would distributing this app make the
> login credentials insecure (past the inherit ability to find them in the
> source code).
>
> It says here that I don't need to have one on my side but I'd just like
> to be absolutely sure.
>
>  ~ Thank you in advance.
>
> ------------------------------------------------------------
> ------------------
>
> _______________________________________________
> Htmlunit-user mailing list
> Htm...@li...
> https://lists.sourceforge.net/lists/listinfo/htmlunit-user
>
>
>
> ------------------------------------------------------------
> ------------------
>
> _______________________________________________
> Htmlunit-user mailing list
> Htm...@li...
> https://lists.sourceforge.net/lists/listinfo/htmlunit-user
>
>