Use the SSL and Certificate Settings page to give the HotJava Browser permission to automatically accept secure SSL connections from any site that uses a particular certificate, or from any site that uses certificates issued by a particular Certificate Authority. Access this page by selecting Edit->Preferences->Certificate and SSL Settings.

NOTE: This menu item is not available in versions of the HotJava Browser that do not support SSL. Most versions do support SSL.

SSL (Secure Sockets Layer) support means you can connect to URLs that begin with https:// (as opposed to http://). When you do so, information that passes between your site and the https secure server may be encrypted while in transit. Only your computer and the server can make sense of that information. This is important because it allows you to securely transfer private information, such as credit card numbers and passwords.

The U.S. and Canada Domestic version supports SSL with 128-bit encryption. The Global version for most other countries supports SSL with 40-bit encryption, which meets U.S. Federal Government export constraints.

In addition to encrypting information in transit, HotJava's SSL support means that the https secure server can authenticate itself to the HotJava Browser. This means that no other computer can deceive the HotJava Browser to think that it is the secure site, and thereby intercept information you send to that site.

When the HotJava Browser connects to a secure site, a key appears to the right of the Place field:

When you access an https site, the secure https server uses a certificate to encrypt and authenticate the connection. Certificates, also called digital IDs, are used to attest to someone's or some company's identity over a network, much like a driver's license is used to attest to the identity of someone who can legally drive. When you connect to an https site, that site must present its certificate as part of the SSL encryption process.

Certificate Authorities are trusted third parties that verify identities and issue certificates.

Once you have marked a certificate as trusted, whenever you connect to an https site that uses that certificate, you'll connect to the site without notice. If a site's certificate has not been marked as trusted, the HotJava Browser displays a dialog that gives you the following options:

• Trust Now means trust this certificate for this session of the HotJava Browser only. Trust for this certificate is not maintained when you restart the browser, although the certificate is added to the list of certificates your HotJava Browser knows about.

• Trust Always means trust this certificate now, add it to the list of certificates your HotJava Browser knows about, and mark it as Trusted for SSL connections.

• Extend trust to Certificate Authorities? means you can extend trust to the Certificate Authority that issued this certificate. If you click on More>>, you'll be shown the issuing Certificate Authorities' certificate, and provided the option to trust that certificate. If that certificate was issued by another Certificate Authority, you'll have the chance to extend trust to that Certificate Authority, and so on. Otherwise, you'll have the option to go back "down the chain" of certificates.
  If you choose Trust Always for any of the Certificate Authorities, the currently displayed certificate is trusted, as are all the certificates this Certificate Authority issues. In addition, all the certificates and Certificate Authorities along the chain that led to this Certificate Authority are marked as trusted. When you choose this option, you're extending trust to certificates you may not have seen.

• Cancel means don't connect at this time.

When you choose to trust a certificate, it is added to the scrolling list displayed on the SSL and Certificate Settings page, where you can modify its permissions.

For each certificate listed in the scrolling list on the SSL and Certificate Settings page, you can make either, both, or neither of two choices:

• Trust SSL connections: Allows the HotJava Browser to connect automatically, without warnings or interruptions, to the site that uses the selected certificate.

• Trust as Certificate Authority: Allows the HotJava Browser to connect automatically to any site that uses a certificate issued by this Certificate Authority. When you choose this option, you're extending trust to certificates you may not have seen.

If you don't check either box, you'll be asked to grant permission (at connection time) before a connection to a site using this certificate is completed, as described above.

Verifying Certificates

When you select a certificate in the scrolling list, you'll see a notice in the text field to the right of the list that tells you whether or not the certificate has been verified. You cannot set Trust permissions for that certificate until it has been verified.

To verify a certificate, click on the Details button to see more information about the selected certificate, including its Fingerprint. This is a mathematical representation of the certificate that is difficult to forge. If you confirm that the sequence of numbers in the Fingerprint field matches the fingerprint given to you from the certificate owner, you can be confident that the certificate is valid. You need to contact the owner of the certificate to verify the fingerprint. For maximum security, this confirmation should not happen via the Internet. Use the telephone, a fax machine, or regular mail.

If a Certificate Authority has been verified, all the certificates issued with that Certificate Authority are automatically treated as verified.

Back to HotJava User's Guide Table of Contents

Back to HotJava Browser Menus

Follow these links for information about other Preferences pages:

• Display
• Proxies
• Viewer Applications
• Mail (previous topic)
• Applet Security (next topic)