
How to use SSL with Java (with keytool)




Authentication Image

Server authentication (1-way SSL)

#Server Side
  Key store
    - Root certificate
    - Server certificate

#Client Side
  Trust store
    - Root certificate


https://stackoverflow.com/questions/29005649/java-how-setup-an-ssl-one-way-authentification-for-a-server-client-over-a-lan
https://www.ossmentor.com/2015/03/one-way-and-two-way-ssl-and-tls.html


Client authentication (2-way SSL)

Client authentication is used when the site should be reachable only from specific clients.

#Server Side
  Trust store
    - Root certificate


#Client Side
  Key store
    - Root certificate
    - Client certificate


https://www.ossmentor.com/2015/03/one-way-and-two-way-ssl-and-tls.html




Configuration of Server Authentication

Server Side

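Key pair creation
keytool is located at ${JAVA_HOME}/bin/keytool

# 512-bit RSA keys are breakable, and current JDK defaults disable RSA keys under 1024 bits; use 2048.
keytool -genkey -alias server_cer -keyalg RSA -keysize 2048 \
 -keypass changeit -validity 365 -storetype JKS \
 -keystore server_keystore -storepass changeit -v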


Creating a CSR (Certificate Signing Request)
keytool -certreq -alias server_cer -file server.csr -keypass changeit \
 -storetype JKS -keystore server_keystore -storepass changeit


Submit CSR (Certificate Request) to Certificate Authority


Get server certificate

server.cer


Import root certificate into keystore
keytool -import -alias test_root_ca -file test_root_ca.cer \
 -keypass changeit -trustcacerts \
 -storetype JKS -keystore server_keystore -storepass changeit


Import server certificate into keystore
keytool -import -alias server_cer -file server.cer -keypass changeit \
 -trustcacerts -storetype JKS -keystore server_keystore -storepass changeit -v


Client Side

Import root certificate into the client-side trust store

keytool -import -alias test_root_ca -file test_root_ca.cer -keystore client_cacerts \
 -storetype JKS -keypass changeit -storepass changeit




Configuration of Client authentication

Server Side

Import root certificate to server side

keytool -import -alias test_root_ca -file test_root_ca.cer -keystore server_cacerts \
 -storetype JKS -keypass changeit -storepass changeit


Client Side

Key pair creation
# As on the server side, use a 2048-bit RSA key rather than 512.
keytool -genkey -alias client_cer -keyalg RSA -keysize 2048 \
 -keypass changeit -validity 365 -storetype JKS \
 -keystore client_keystore -storepass changeit -v


Creating a CSR (Certificate Signing Request)
keytool -certreq -alias client_cer -file client.csr -keypass changeit \
 -storetype JKS -keystore client_keystore -storepass changeit


Submit CSR (Certificate Request) to Certificate Authority


Get client certificate

client.cer


Import root certificate into keystore
keytool -import -alias test_root_ca -file test_root_ca.cer \
 -keypass changeit -trustcacerts \
 -storetype JKS -keystore client_keystore -storepass changeit


Import client certificate into keystore
keytool -import -alias client_cer -file client.cer -keypass changeit \
 -trustcacerts -storetype JKS -keystore client_keystore -storepass changeit -v


Keystore operations

Checking certificates contained in a keystore

keytool -list -v -keystore KeyStore -storepass Pass


Delete certificate from keystore

keytool -delete -alias tomcatkey -keystore keystore -storepass password