
How to generate keystore and truststore

How to:

  1. Generate keystore
  2. Generate truststore

To make SSL work between client and server, I need help only with the generation of the keystore and truststore for mutual authentication: a step-by-step guide with terminal commands (keytool and openssl).

SOWMITHRA KUMAR G M asked Nov 22 '17 12:11


People also ask

What is keystore and TrustStore?

Keystores and truststores are repositories that contain cryptographic artifacts like certificates and private keys that are used for cryptographic protocols such as TLS. A keystore contains personal certificates, plus the corresponding private keys that are used to identify the owner of the certificate.


1 Answer

I followed this link.

1. Generate keystore (at server):

keytool -genkey -alias bmc -keyalg RSA -keystore KeyStore.jks -keysize 2048

2. Generate new ca-cert and ca-key:

openssl req -new -x509 -keyout ca-key -out ca-cert

3. Extracting cert/creating cert sign req (CSR):

keytool -keystore KeyStore.jks -alias bmc -certreq -file cert-file

4. Sign the “cert-file” and cert-signed will be the new cert:

openssl x509 -req -CA ca-cert -CAkey ca-key -in cert-file -out cert-signed -days 365 -CAcreateserial -passin pass:yourpass

5. Importing the ca-cert to keystore file:

keytool -keystore KeyStore.jks -alias CARoot -import -file ca-cert

6. Import cert-signed to keystore:

keytool -keystore KeyStore.jks -alias bmc -import -file cert-signed

7. Copy ca-cert into client machine and generate truststore: (at client)

keytool -keystore truststore.jks -alias bmc -import -file ca-cert-s

8. Copy ca-cert into client machine and generate truststore: (at server)

keytool -keystore truststore.jks -alias bmc -import -file ca-cert-c

Repeat steps 1-6 on the client side and generate the truststore on the server side by importing the client's ca-cert (step 8).

Renamed ca-cert after step 6.

Ex: ca-cert-s was generated on the server side and ca-cert-c on the client, and they were exchanged with each other to generate the truststores.

SOWMITHRA KUMAR G M answered Oct 06 '22 09:10
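A check that confirms the trust relationships from the answer above before the files are imported with keytool, as an added example that is not part of the original answer. It uses openssl only (the key pair and CSR of steps 1 and 3 are made with openssl in place of keytool); the directory layout, certificate subjects and function names are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: all names, subjects and the passphrase are constructed for the demo.

# make_side DIR NAME: one side's CA, key pair, CSR and CA-signed certificate.
make_side() {
    dir=$1; name=$2
    mkdir -p "$dir" &&
    # Step 2: self-signed CA (ca-key is encrypted with the passphrase)
    openssl req -new -x509 -newkey rsa:2048 -keyout "$dir/ca-key" -out "$dir/ca-cert" \
        -subj "/CN=demo-ca-$name" -days 365 -passout pass:yourpass 2>/dev/null &&
    # Steps 1 and 3 stand-in: key pair and CSR (cert-file) created with openssl
    openssl req -new -newkey rsa:2048 -nodes -keyout "$dir/key" -out "$dir/cert-file" \
        -subj "/CN=demo-$name" 2>/dev/null &&
    # Step 4: the CA signs the CSR, producing cert-signed
    openssl x509 -req -CA "$dir/ca-cert" -CAkey "$dir/ca-key" -in "$dir/cert-file" \
        -out "$dir/cert-signed" -days 365 -CAcreateserial -passin pass:yourpass 2>/dev/null
}

# trusts CA_CERT CERT: succeeds only if CERT verifies against CA_CERT.
trusts() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# check_mutual_trust WORKDIR: returns 0 only when each side's certificate is
# accepted by its own CA (the one the peer imports) and rejected by the other CA.
check_mutual_trust() {
    w=$1
    make_side "$w/server" s && make_side "$w/client" c || return 2
    # Rename as in the answer: ca-cert-s goes to the client, ca-cert-c to the server
    cp "$w/server/ca-cert" "$w/ca-cert-s" && cp "$w/client/ca-cert" "$w/ca-cert-c" || return 2
    trusts "$w/ca-cert-s" "$w/server/cert-signed" || return 1  # client truststore accepts server
    trusts "$w/ca-cert-c" "$w/client/cert-signed" || return 1  # server truststore accepts client
    trusts "$w/ca-cert-c" "$w/server/cert-signed" && return 1  # wrong CA must be rejected
    trusts "$w/ca-cert-s" "$w/client/cert-signed" && return 1
    return 0
}

# Demo run in a throwaway directory
work=$(mktemp -d) && check_mutual_trust "$work" && echo "mutual trust OK"; rm -rf "$work"
```

On real files, `trusts ca-cert-s cert-signed` run on the client before step 7 catches a swapped or mis-renamed CA file before it ends up in the truststore.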