Java Reference
In-Depth Information
keytool -export -keystore jboss.keystore -alias
as7alias -file sslPublicKey.cer -keypass
mypassword -storepass mypassword
Now we have finished with the server, we will now generate a key pair for the client
too. We will do this by using the alias
ejbclientalias
and the same properties as
we did for the server's
keystore
object:
keytool -genkey -v -alias ejbclientalias
-keyalg RSA -keysize 1024 -keystore
jbossClient.keystore -validity 180 -keypass
clientPassword -storepass clientPassword -dname
"cn=Francesco Marchioni,o=PacktPub,c=GB"
The client public key will also be exported into a certificate named
clien-
tPublicKey.cer
.
keytool -export -keystore jbossClient.keystore
-alias ejbclientalias -file clientPublicKey.cer
-keypass clientPassword -storepass
clientPassword
Now, in order to complete the SSL handshake successfully, we need to first import
the client's public key into the server's
truststore
object:
keytool -import -v -trustcacerts -alias
ejbclientalias -file clientPublicKey.cer
-keystore jboss.keystore -keypass mypassword
-storepass mypassword
The server certificate also needs to be trusted by the client. You have two available
options to solve this issue, as follows:
• Import the server certificate into the client's JDK bundle of certificates
• Create a new repository of certificates trusted by the client (
trust-
store
)
