
Java : SSL : Generate TrustStore, self-signed certificate, tool PorteCle

Hello,

My previous post, "Generate KeyStore, self-signed certificate, tool PorteCle", covered the generation of a server's KeyStore and self-signed certificate. This post covers the case of a server SERVER1 that communicates with another, secured server SERVER2 (such as JBoss, Tomcat, …), so now we are talking about the server's TrustStore.

A keystore contains private keys, and the certificates with their corresponding public keys. A truststore contains certificates from other parties that you expect to communicate with, or from Certificate Authorities that you trust to identify other parties.

So it is necessary to add the certificate of SERVER1, contained in its KeyStore, to the TrustStore of SERVER2.

Create a new TrustStore
First, launch Portecle and create a new KeyStore/TrustStore which will contain the certificate, then select the type Java Keystore.

Import a trusted certificate
Import a new certificate (or key pair) into the TrustStore just created for SERVER2:
…then select the *.cer certificate file of SERVER1;
…give the imported certificate the same name as the *.cer file;
…finally, save the TrustStore of SERVER2 on the local disk under the name myTrustStore.ks, with a specific password, myPass123.
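Before copying the file to SERVER2, it is worth checking what it really contains. The following is an added example, not code from the original post: it loads the TrustStore saved above and prints each entry's type, validity and SHA-256 fingerprint so the fingerprint can be compared with the one SERVER1's administrator reports. The class name TrustStoreCheck is hypothetical; the file name and password defaults are the ones used in this post.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (hypothetical class name): audits the TrustStore built in the steps above.
public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        // Defaults are the file name and password used in this post; override with arguments.
        String path = args.length > 0 ? args[0] : "myTrustStore.ks";
        char[] password = (args.length > 1 ? args[1] : "myPass123").toCharArray();

        KeyStore ts = KeyStore.getInstance("JKS"); // the "Java Keystore" type chosen in Portecle
        try (InputStream in = new FileInputStream(path)) {
            ts.load(in, password); // IOException on a wrong password or a modified file
        }

        boolean ok = ts.size() > 0; // an empty TrustStore trusts nobody
        for (String alias : Collections.list(ts.aliases())) {
            if (!ts.isCertificateEntry(alias)) {
                // A key entry here means a private key was imported by mistake.
                System.out.println(alias + ": NOT a trusted certificate entry");
                ok = false;
                continue;
            }
            X509Certificate cert = (X509Certificate) ts.getCertificate(alias);
            String state = "valid until " + cert.getNotAfter();
            try {
                cert.checkValidity(); // compares the validity period with the current date
            } catch (CertificateException e) {
                state = "EXPIRED or not yet valid (" + e.getMessage() + ")";
                ok = false;
            }
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
            System.out.println(alias + ": " + cert.getSubjectX500Principal().getName());
            System.out.println("  " + state);
            // Compare this value with the fingerprint obtained out-of-band for SERVER1.
            System.out.println("  SHA-256 " + String.format("%064x", new BigInteger(1, digest)));
        }
        System.out.println(ok ? "TrustStore OK" : "TrustStore needs attention");
        System.exit(ok ? 0 : 1);
    }
}
```

Once javax.net.ssl.trustStore points at this file, the JVM's default SSL context uses it instead of the JDK's cacerts, so the entries listed here are the only certificates that JVM will trust by default.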

Tomcat Server Configuration
Copy this TrustStore to the SERVER2 file system and modify the “Java Options” of the Tomcat server to add the following options (Configure Tomcat or Eclipse server environment):

-Djavax.net.ssl.trustStore="..../myTrustStore.ks"
-Djavax.net.ssl.trustStorePassword="myPass123"

That’s all!!!!!

Huseyin OZVEREN
