Client-Server SSL communication + Self signed certificate

邮差的信 submitted on 2020-01-06 13:27:37

Question


I'm building a Java Client-Server application. The client will be communicating with the Server through SSL. I want to achieve that the client needs to authenticate itself. I mean use a keystore or whatever, but this topic is really new to me.

So my question would be, how can I generate a Client and a Server side Keystore (if that's what it's called) and self sign it. From here I can do the rest.

What I have:

keytool -genkeypair -alias test -keystore test.store -storepass StorePass -validity 365 -keyalg RSA -keysize 2048 -dname "CN=TestCompany Ltd., OU=TestCompany Developments, O=TestCompany Ltd., L=MyCity, S=MyState, C=HU" -storetype jks

keytool -keystore test.store -certreq -alias test -keyalg rsa -file test.csr

I think now I need to self-sign the test.csr, right? But what will this be? Should this be used on the Server or the Client side?

And there again on the server side there should be a Keystore which only contains the certificate, but not the private key? Or how does this work? :)

Thanks for any help in advance!


Answer 1:


You've generated a CSR. Certificate Signing Request. So, you need somebody to sign it. If you just want a self-signed certificate, use the -selfcert option.

On the server side you need a keystore file containing both the private key and the signed certificate, under the same alias.

On the client side too you need either:

  • a truststore containing the self-signed certificate, if you do that, or
  • a truststore containing the CA certificate or its root, if you have it CA-signed, and Java already comes with one of these.
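The keystore/truststore layout described in the answer, as an added example that is not part of the original post. It goes one step further and builds the mirrored pair as well (client keystore, server truststore), since the question asks for client authentication. It relies on the fact that keytool -genkeypair already wraps the new key in a self-signed certificate, so no CSR is involved; the aliases, file names, DNs and password are constructed placeholders.

```shell
#!/bin/sh
# Added example: keystores and truststores for mutual TLS with self-signed certs.
# All names and the password below are constructed placeholders.
set -eu

PASS="changeit-example"   # placeholder; supply a real secret in practice

# make_identity <alias> <CN>
# Creates <alias>.keystore.p12 holding the private key plus its self-signed
# certificate (same alias), then exports ONLY the certificate to <alias>.cer.
make_identity() {
  keytool -genkeypair -alias "$1" -keyalg RSA -keysize 2048 -validity 365 \
    -dname "CN=$2, O=TestCompany Ltd., C=HU" \
    -keystore "$1.keystore.p12" -storetype PKCS12 -storepass "$PASS"
  keytool -exportcert -alias "$1" -rfc -file "$1.cer" \
    -keystore "$1.keystore.p12" -storepass "$PASS"
}

# trust_peer <owner> <peer>
# Imports <peer>.cer into <owner>.truststore.p12; no private key is copied.
trust_peer() {
  keytool -importcert -noprompt -alias "$2" -file "$2.cer" \
    -keystore "$1.truststore.p12" -storetype PKCS12 -storepass "$PASS"
}

# entry_type <store> <alias>
# Prints PrivateKeyEntry (key + cert) or trustedCertEntry (cert only).
entry_type() {
  keytool -list -keystore "$1" -storepass "$PASS" -alias "$2" \
    | grep -oE 'PrivateKeyEntry|trustedCertEntry'
}

build_mutual_tls_stores() {
  make_identity server localhost
  make_identity client test-client
  trust_peer client server   # client can verify the server
  trust_peer server client   # server can verify the client (client auth)
}

# Run as: sh make-stores.sh run   (script name is hypothetical)
if [ "${1:-}" = "run" ]; then
  build_mutual_tls_stores
  entry_type server.keystore.p12 server
  entry_type client.truststore.p12 server
fi
```

Each side ships only its own *.keystore.p12 and its *.truststore.p12; the private key never leaves the keystore it was generated in.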


Source: https://stackoverflow.com/questions/23227849/client-server-ssl-communication-self-signed-certificate
