Client-Server SSL communication + Self signed cert

2019-09-01 14:03发布

I'm building a Java Client-Server application. The client will communicating with the Server through SSL. I want to achive that the client needs to be authenticate itself. I mean use a keystore or whatever, but this topic is really new to me.

So my question would be, how can I generate a Client and a Server side Keystore (if that's what it's called) and self sign it. From here I can do the rest.

What I have:

keytool -genkeypair -alias test -keystore test.store -storepass StorePass -validity 365 -keyalg RSA -keysize 2048 -dname "CN=TestCompany Ltd., OU=TestCompany Developments, O=TestCompany Ltd., L=MyCity, S=MyState, C=HU" -storetype jks

keytool -keystore test.store -certreq -alias test -keyalg rsa -file test.csr

I think now I need to self-sign the test.csr, right? But what will be this? Should be this used on the Server or the Client side?

And there again on the server side there should be a Keystore which only contains the certificate, but not the private key? Or how does this work? :)

Thanks for any help in advance!

标签： ssl certificate keystore keytool jsse

1条回答

Rolldiameter

2楼-- · 2019-09-01 14:51

You've generated a CSR. Certificate Signing Request. So, you need somebody to sign it. If you just want a self-signed certificate, use the -selfcert option.

On the server side you need a keystore file containing both the private key and the signed certificate, under the same alias.

On the client side top you need either:

a truststore containing the self-signed certificate, if you do that, or
a truststore containing the CA certificate or its root, if you have it CA-signed, and Java already comes with ones of these.

0人赞添加讨论(0) 举报

Client-Server SSL communication + Self signed cert

采纳回答

编辑标签

举报内容

检举类型

检举原因

检举说明(必填)

打开微信“扫一扫”，打开网页后点击屏幕右上角分享按钮

付费偷看金额在0.1-10元之间