Java Reference
In-Depth Information
keytool -export -keystore jboss.keystore -alias wflyAlias
-file sslPublicKey.cer -keypass mypassword -storepass
mypassword
Now that we have finished configuring the server, we will generate a key pair for the cli-
ent too. We will do this by using the alias
ejbclientalias
and the same properties as
we did for the server's
keystore
object:
keytool -genkey -v -alias ejbclientalias -keyalg RSA
-keysize 1024 -keystore jbossClient.keystore -validity 180
-keypass clientPassword -storepass clientPassword -dname
"cn=John Smith,o=PacktPub,c=GB"
The client public key will also be exported to a certificate named
clien-
tPublicKey.cer
.
keytool -export -keystore jbossClient.keystore -alias
ejbclientalias -file clientPublicKey.cer -keypass
clientPassword -storepass clientPassword
Now, in order to complete the SSL handshake successfully, we need to first import the cli-
ent's public key into the server's
truststore
object:
keytool -import -v -trustcacerts -alias ejbclientalias
-file clientPublicKey.cer -keystore jboss.keystore -keypass
mypassword -storepass mypassword
The server certificate also needs to be trusted by the client. You have two available op-
tions to solve this issue, as follows:
• Import the server certificate into the client's JDK bundle of certificates
• Create a new repository of certificates trusted by the client (
truststore
)
Importing the server certificate into the client JDK means executing a certificate import
into the client's certified authorities.
keytool -import -v -trustcacerts -alias wflyAlias -file
sslPublicKey.cer -keystore
C:\Java\jdk1.8.0_20\jre\lib\security\cacerts
