Using the HotJava(tm) Browser

is dim:

-->

When you access an https site, the secure server uses a certificate to encrypt and authenticate the connection. If you have marked that certificate as trusted, you'll connect to the site without notice. Otherwise, the HotJava Browser displays a dialog that gives you the option to always trust that certificate in the future, and thereby avoid the dialog whenever future connections are made with that certificate.

If you choose to always trust the certificate, it is added to the scrolling list displayed on the SSL and Certificate Settings page, where you can modify its permissions.

For each certificate listed in the scrolling list on the SSL and Certificate Settings page, you can make either, both, or neither of two choices:

Trust SSL connections: Allows the HotJava Browser to connect automatically, without warnings or interruptions, to any site that uses the selected certificate.
Trust as Certificate Authority: Allows the HotJava Browser to connect automatically to any site that uses a certificate issued by this authority. Certificate authorities are trusted third parties that issue certificates. When you choose this option, you're extending trust to certificates you may not have seen.

If you don't check either box, you'll be asked to grant permission before a connection to a site using this certificate is completed.

When you select a certificate in the scrolling list, you'll see a notice in the text field to the right of the list that tells you whether or not the certificate has been verified. You cannot set Trust permissions for that certificate until it has been verified.

To verify a certificate, click on the Details button to see more information about the selected certificate, including its Fingerprint. This is a mathematical representation of the certificate that is difficult to forge. If you verify that the sequence of numbers in the Fingerprint field matches the fingerprint given to you from the certificate owner, you can be confident that the certificate is valid. You must contact the owner of the certificate to verify the fingerprint.

When you get a new certificate from an unknown source, you'll need to verify that the certificate is valid by verifying the fingerprint. The certificates that are shipped with the HotJava Browser have already been verified.

If a Certificate Authority has been verified, all the certificates issued with that Certificate Authority are automatically treated as verified.

When you connect to a site that uses a certificate that has not yet been trusted, you'll see a dialog, as mentioned earlier. This dialog gives you these options:

Trust Now means trust this certificate for this connection only.
Trust Always means trust this certificate now, add it to the list of certificates your HotJava Browser knows about, and mark it as Trusted for SSL connections.
Extend trust to more certificates means you can extend the trust to the Certificate Authority that issued this certificate. If you click on More>>, you'll be provided the option to trust that Certificate Authority. If that Certificate Authority was issued by another Certificate Authority, you'll have the chance to extend trust to more certificates again, and so on. Otherwise, you'll have the option to go back "down the chain" of certificates and Certificate Authorities. If you choose Trust Always at any point, the currently displayed certificate is trusted, as are all the certificates and Certificate Authorities along the chain that led to this certificate.
Cancel means don't connect at this time.

Back to HotJava User's Guide Table of Contents

Back to HotJava Browser Menus

Follow these links for information about other Preferences pages:

/utility-header.gif">

Use the SSL and Certificate Settings page to give the HotJava Browser permission to automatically accept SSL (secure) connections from any site that uses a partdt/appconfig/hotjava/UsersGuide/toc.html010044400000000000002000000037620634421607300204350ustar00rootbin00000400000016 Using the HotJava(tm) Browser

Follow these links for information about using the HotJava Browser:

Java programmers who want to extend the HotJava Browser should see:

Content and Protocol Handlers

Use these shortcuts to Hot Topics found in the documents listed above:

Use the index to search for a term in the HotJava Browser User's Guide:

INDEX

dt/appconfig/hotjava/UsersGuide/trouble.html010044400000000000002000000152710634421607500213240ustar00rootbin00000400000016 HotJava(tm) Browser Troubleshooting

Look here for answers to questions about problems you may have. You might also want to check out the Frequently Asked Questions (FAQ)< HotJava(tm) Browser SSL and Certificate Preferences

Use the SSL and Certificate Settings page to give the HotJava Browser permission to automatically accept SSL (secure) connections from any site that uses a particular certificate, or from any site that uses certificates issued by a particular certificate authority. Access this page by selecting Edit->Preferences->Certificate and SSL Settings.

NOTE: This menu item is not available in the exported versions of the HotJava Browser, as the SSL feature is only supported for the US Domestic release.

SSL (Secure Sockets Layer) means you can connect to URLs that begin with https:// (as opposed to http://). When you do so, information that passes between your site and the https secure server may be encrypted while in transit. Only your computer and the server can make sense of that information. This is important because it allows you to securely transfer private information, such as credit card numbers and passwords.

In addition, HotJava's SSL support means that the https secure server can authenticate itself to the HotJava Browser. This means that no other computer can deceive the HotJava Browser to think that they are the secure site, and thereby intercept information you send to that site. (Future versions of HotJava will also allow the HotJava Browser to authenticate itself to https secure servers.)
When you are connected to a secure site, a key appears to the right of the Place field: