users to cache the public keys (in the form of certificates) of their communicating
peers.
The keytool stores the keys and certificates in a file termed keystore, a repository of
certificates used for identifying a client or server. Typically, a keystore contains one
client or server's identity, which is protected by a password. Let's see an example of
keystore generation:
keytool -genkey -keystore jboss.keystore \
        -storepass mypassword -keypass mypassword \
        -keyalg RSA -validity 180 -alias as7alias \
        -dname "cn=Francesco Marchioni,o=PackPub,c=GB"
This command creates the keystore named jboss.keystore in the working directory,
and assigns it the password mypassword. It generates a public/private key pair
for the entity whose unique name has the common name Francesco Marchioni,
organization PacktPub, and two-letter country code GB.
The result of this action will be a self-signed certificate (using the RSA signature
algorithm) that includes the public key and the unique name's information. This
certificate will be valid for 180 days, and is associated with the private key in a
keystore entry referred to by the alias as7alias.
Tip
A self-signed certificate is a certificate that has not been verified by a CA and
thus leaves you vulnerable to the classic man-in-the-middle attack. A self-signed
certificate is only suitable for in-house use or for testing while you wait for your
real one to arrive.
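As an added example (not the book's own code), the script below runs the generation step shown above and then inspects the resulting entry before it is handed to the web subsystem: it checks that the alias holds a private key with an RSA-signed certificate and confirms that the certificate is self-signed (issuer equals owner), which is the case the Tip warns about. It assumes the JDK's keytool is on PATH and reuses the book's file name, password, alias and distinguished name.

```shell
#!/bin/sh
# Added example: generate the keystore as in the book, then verify the entry.
# Assumes keytool (JDK) is on PATH; names and password are the book's values.
set -u

KEYSTORE="${KEYSTORE:-jboss.keystore}"
STOREPASS="${STOREPASS:-mypassword}"
ALIAS="as7alias"
DNAME="cn=Francesco Marchioni,o=PackPub,c=GB"

# Generate the RSA key pair and its self-signed certificate (180 days).
# Note: passwords passed with -storepass/-keypass end up in shell history and
# process listings; keytool prompts for them when the options are omitted.
make_keystore() {
    rm -f "$KEYSTORE"
    keytool -genkey -keystore "$KEYSTORE" \
        -storepass "$STOREPASS" -keypass "$STOREPASS" \
        -keyalg RSA -validity 180 -alias "$ALIAS" \
        -dname "$DNAME" >/dev/null 2>&1
}

# Verbose listing of the single alias entry.
list_entry() {
    keytool -list -v -keystore "$KEYSTORE" -storepass "$STOREPASS" \
        -alias "$ALIAS" 2>/dev/null
}

# Return 0 when the entry holds a private key and an RSA-signed certificate.
verify_entry() {
    out=$(list_entry) || return 1
    printf '%s\n' "$out" | grep -q "^Alias name: $ALIAS\$"          || return 1
    printf '%s\n' "$out" | grep -q '^Entry type: PrivateKeyEntry'    || return 1
    printf '%s\n' "$out" | grep -q '^Signature algorithm name: .*RSA' || return 1
}

# Return 0 when the certificate is self-signed (Owner and Issuer identical),
# i.e. suitable only for in-house or test use until a CA-issued one replaces it.
is_self_signed() {
    out=$(list_entry) || return 1
    owner=$(printf '%s\n' "$out" | sed -n 's/^Owner: //p' | head -n 1)
    issuer=$(printf '%s\n' "$out" | sed -n 's/^Issuer: //p' | head -n 1)
    [ -n "$owner" ] && [ "$owner" = "$issuer" ]
}

make_keystore && verify_entry && is_self_signed \
    && echo "$KEYSTORE: self-signed RSA entry '$ALIAS' ready (test use only)"
```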
Securing the HTTP communication with a self-signed certificate
Now let's see how you can use this keystore file to secure your JBoss web channel.
Open your server configuration file and locate the web subsystem.