cmdref.net - Cheat Sheet and Example

cmdref.net is command references/cheat sheets/examples for system engineers.




How to use SSL with Java (with keytool)

Authentication Image

server authentication (1-Way SSL)

client authentication (2-way SSL)

Client authentication is used when the site should be accessible only to specific clients.

#Server Side
  Trust Store
    - Root Certificate


#Client Side
  Key store
    - Root Certificate
    - Server Certificate


https://www.ossmentor.com/2015/03/one-way-and-two-way-ssl-and-tls.html




Configuration of Server Authentication

Server Side

key pair creation
${JAVA_HOME}/bin/keytool

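# Use an RSA key of at least 2048 bits; 512-bit keys are factorable and
# current JDKs reject certificates with RSA keys under 1024 bits.
keytool -genkey -alias server_cer -keyalg RSA -keysize 2048 \
 -keypass changeit -validity 365 -storetype JKS \
 -keystore server_keystore -storepass changeit -v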


Creating a CSR (Certificate Signing Request)
keytool -certreq -alias server_cer -file server.csr -keypass changeit \
 -storetype JKS -keystore server_keystore -storepass changeit


Submit CSR (Certificate Request) to Certificate Authority


Get server certificate

server.cer


Import root certificate into keystore
keytool -import -alias test_root_ca -file test_root_ca.cer \
   -keypass changeit -trustcacerts \
   -storetype JKS -keystore server_keystore -storepass changeit


Import server certificate into keystore
keytool -import -alias server_cer -file server.cer -keypass changeit \
 -trustcacerts -storetype JKS -keystore server_keystore -storepass changeit -v


Client Side

Import root certificate to client side

keytool -import -alias test_root_ca -file test_root_ca.cer -keystore client_cacerts \
  -storetype JKS -keypass changeit -storepass changeit




Configuration of Client authentication

Server Side

Import root certificate to server side

keytool -import -alias test_root_ca -file test_root_ca.cer -keystore server_cacerts \
  -storetype JKS -keypass changeit -storepass changeit


Client Side

key pair creation
# 2048-bit RSA key (512-bit keys are too weak to be trusted)
keytool -genkey -alias client_cer -keyalg RSA -keysize 2048 \
 -keypass changeit -validity 365 -storetype JKS \
 -keystore client_keystore -storepass changeit -v


Creating a CSR (Certificate Signing Request)
keytool -certreq -alias client_cer -file client.csr -keypass changeit \
 -storetype JKS -keystore client_keystore -storepass changeit


Submit CSR (Certificate Request) to Certificate Authority


Get client certificate

client.cer


Import root certificate into keystore
keytool -import -alias test_root_ca -file test_root_ca.cer \
   -keypass changeit -trustcacerts \
   -storetype JKS -keystore client_keystore -storepass changeit


Import client certificate into keystore
keytool -import -alias client_cer -file client.cer -keypass changeit \
 -trustcacerts -storetype JKS -keystore client_keystore -storepass changeit -v
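
How a Java server consumes the stores built above for client authentication: server_keystore (private key and certificate) feeds the KeyManagerFactory, server_cacerts (root certificate only) feeds the TrustManagerFactory, and setNeedClientAuth(true) makes the handshake fail for clients without a certificate signed by test_root_ca. This is an added example, not part of the original page; the class name MutualTlsServer and port 8443 are assumptions, and the store names and the changeit password are the ones used in the commands above.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.*;

// Hypothetical class name; the store files are the ones created by the keytool commands above.
public class MutualTlsServer {
    static KeyStore load(String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS"); // matches -storetype JKS
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass);                     // pass corresponds to -storepass
        }
        return ks;
    }

    static SSLContext context(String keyStore, String trustStore, char[] pass) throws Exception {
        // Key store: the server's private key and certificate chain (alias server_cer).
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keyStore, pass), pass);      // second argument corresponds to -keypass
        // Trust store: only the root CA whose signature on a client certificate is accepted.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustStore, pass));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        char[] pass = "changeit".toCharArray();    // password from the page's commands
        SSLContext ctx = context("server_keystore", "server_cacerts", pass);
        int port = 8443;                           // assumed port
        try (SSLServerSocket server = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(port)) {
            server.setNeedClientAuth(true);        // 2-way SSL: a trusted client certificate is mandatory
            while (true) {
                try (SSLSocket s = (SSLSocket) server.accept()) {
                    s.startHandshake();
                    System.out.println("accepted: " + s.getSession().getPeerPrincipal());
                } catch (IOException e) {
                    // No client certificate, or one that does not chain to test_root_ca.
                    System.err.println("rejected: " + e.getMessage());
                }
            }
        }
    }
}
```

Leaving out setNeedClientAuth(true) gives the server-authentication (1-way) setup; a Java client for the 2-way case points javax.net.ssl.keyStore at client_keystore and javax.net.ssl.trustStore at client_cacerts.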


Keystore Operation

Checking Certificates Contained in KeyStore

keytool -list -v -keystore KeyStore -storepass Pass


Delete certificate from KeyStore

keytool -delete -alias tomcatkey -keystore keystore -storepass password



protocol/openssl/java-ssl.txt · Last modified: 2022/12/17 by admin
