SSL in Java with Keytool to generate public-private key pair

One Way SSL in Java

Step 1: Create public-private key pair: Using the keytool utility, which is packaged in %JAVA_HOME%/bin/keytool.exe, you can create a “public-private” key pair. The public and private keys are mathematically related, so that data encrypted with one key can be decrypted with the other key, and vice versa. “RSA” is the algorithm used.

“changeit” is used as the password. You need to answer the questions when prompted. For example:

Now list the created “myserver.keystore”:

As you can see, the alias is “myserver” and the entry is a “PrivateKeyEntry”.

You get more detail with the “-V” option for verbose output.

The above certificate is valid for 365 days. The cert created above is a self-signed certificate, so you will get a warning in the browser.

Browser warning for self-signed certificates

Step 2: Extract the “public key” from the “public-private” key pair created in Step 1.

Display the cert with public key:

Step 3: Import the extracted “public key” into a truststore: A truststore is for the public keys, as a keystore is for the private keys. This is mainly a naming convention, as the storage type is “JKS”, which stands for Java Key Store.

You can list it as we did for the keystore.

Note that this time it is a “trustedCertEntry” as opposed to “PrivateKeyEntry”.

The “-V” listing gives
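Steps 1 to 3 as a single non-interactive script, added here as an example and not taken from the original post. The `-dname` values, the 2048-bit key size, the file names `myserver.cer` and `myserver.truststore`, and the function names are assumptions; the alias, password, RSA algorithm, JKS store type and 365-day validity follow the text.

```shell
#!/usr/bin/env bash
# Added example: steps 1-3 run non-interactively. Values marked "assumed" are not from the post.
set -eu

ALIAS="myserver"
STOREPASS="changeit"   # the post's demo password; use a strong secret outside a lab
DNAME="CN=localhost, OU=Dev, O=Example, C=US"   # assumed; replaces the prompted answers

make_stores() {   # usage: make_stores <output-dir>
  local dir="$1"
  # Step 1: RSA key pair plus self-signed certificate, valid for 365 days.
  keytool -genkeypair -alias "$ALIAS" -keyalg RSA -keysize 2048 -validity 365 \
    -dname "$DNAME" -keystore "$dir/myserver.keystore" -storetype JKS \
    -storepass "$STOREPASS" -keypass "$STOREPASS"
  # Step 2: export only the certificate (public key); the private key stays in the keystore.
  keytool -exportcert -alias "$ALIAS" -file "$dir/myserver.cer" \
    -keystore "$dir/myserver.keystore" -storepass "$STOREPASS"
  # Step 3: import the certificate into a separate truststore for the client.
  keytool -importcert -noprompt -alias "$ALIAS" -file "$dir/myserver.cer" \
    -keystore "$dir/myserver.truststore" -storetype JKS -storepass "$STOREPASS"
}

entry_type() {   # prints PrivateKeyEntry or trustedCertEntry for $ALIAS in store $1
  keytool -list -alias "$ALIAS" -keystore "$1" -storepass "$STOREPASS" |
    grep -oE 'PrivateKeyEntry|trustedCertEntry' | head -n 1
}

fingerprint() {  # prints the SHA-256 certificate fingerprint for $ALIAS in store $1
  keytool -list -v -alias "$ALIAS" -keystore "$1" -storepass "$STOREPASS" |
    grep -oE 'SHA256: [0-9A-F:]+' | head -n 1
}

verify_stores() {  # succeeds only if the truststore holds the same cert and no private key
  local dir="$1"
  [ "$(entry_type "$dir/myserver.keystore")" = "PrivateKeyEntry" ] &&
  [ "$(entry_type "$dir/myserver.truststore")" = "trustedCertEntry" ] &&
  [ "$(fingerprint "$dir/myserver.keystore")" = "$(fingerprint "$dir/myserver.truststore")" ]
}

# When called with an output directory, build the stores and check them.
if [ "$#" -gt 0 ]; then
  make_stores "$1" && verify_stores "$1" && echo "stores in $1 verified"
fi
```

Only `myserver.truststore` is handed to clients; `verify_stores` confirms it contains a `trustedCertEntry` whose fingerprint matches the server's certificate, so the private key never leaves the server's keystore.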

Step 4: One way SSL: Say a client needs to invoke a RESTful web service running on a JBoss application server.

Configure the server side: e.g. JBoss with the private key, in standalone/configuration/standalone.xml

Note: certificate-key-file="../standalone/configuration/myserver.keystore".

Configure the client side: say, a stand-alone Java application.

If you want to debug the SSL handshake, add “-Djavax.net.debug=ssl”.
