TLS requires that you set up a keystore to contain certificates and private keys. Follow the steps below to set up a keystore.
For instructions to include client authentication (two-way authentication), see Enabling Client Authentication.
Example - How to create a symmetric crypto key
$ keytool -keystore test.ks -storepass password -genseckey -keysize 128 -alias testkey -keyalg AES
Example - How to create a Keystore file with security contents
This example shows how to create a Java keystore file for both the server and client connection. The command generates the file, which contains the associated security certificate and the public and private key.
$ keytool -genkey -alias server -keyalg RSA -keystore ./server.jks
NOTE: Remember the password you set for the server.jks file.
Example - How to create a client-specific Keystore file
To create a client-specific Java keystore file, use the keytool command with the required variables. In this example, the generated file is for a specific client and contains only their certificate and public key.
$ keytool -export -alias server -keystore ./server.jks -file ./server.cer
...
$ keytool -import -alias client -file ./server.cer -keystore ./client.jks
...
Note: These commands prompt for passwords. You will need to remember the passphrases you enter.
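The keystore steps above can also be run without prompts and then checked. The script below is an added example, not part of the original instructions: it reads passwords from environment variables through keytool's -storepass:env option, then confirms that server.jks holds a private key entry while client.jks holds only a trusted certificate with the same fingerprint. The passwords, the CN=server.example.test name, the key size, the validity period and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: passwords, the CN and the working directory are constructed
# values chosen by the caller; they do not come from the original page.

# Create server.jks (key pair plus self-signed certificate), export the
# certificate and import it into client.jks. Runs in a subshell so the
# password variables do not leak into the calling shell.
build_keystores() (
    dir=$1
    SERVER_PASS=$2
    CLIENT_PASS=$3
    export SERVER_PASS CLIENT_PASS
    keytool -genkey -alias server -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=server.example.test" -keystore "$dir/server.jks" \
        -storepass:env SERVER_PASS -keypass:env SERVER_PASS \
        >/dev/null 2>&1 || exit 1
    keytool -export -alias server -keystore "$dir/server.jks" \
        -storepass:env SERVER_PASS -file "$dir/server.cer" \
        >/dev/null 2>&1 || exit 1
    keytool -import -noprompt -alias client -file "$dir/server.cer" \
        -keystore "$dir/client.jks" -storepass:env CLIENT_PASS \
        >/dev/null 2>&1 || exit 1
)

# Print the entry type keytool reports for one alias.
# Arguments: keystore path, keystore password, alias.
entry_type() {
    out=$(KS_PASS=$2 keytool -list -keystore "$1" -storepass:env KS_PASS \
        -alias "$3" 2>/dev/null) || return 1
    case $out in
        *PrivateKeyEntry*)  echo PrivateKeyEntry ;;
        *trustedCertEntry*) echo trustedCertEntry ;;
        *)                  echo unknown ;;
    esac
}

# Print the certificate fingerprint keytool reports for one alias.
cert_fingerprint() {
    KS_PASS=$2 keytool -list -keystore "$1" -storepass:env KS_PASS \
        -alias "$3" 2>/dev/null |
        sed -n 's/^Certificate fingerprint[^:]*: *//p'
}

# Stand-alone use: sh script.sh DIR SERVER_PASSWORD CLIENT_PASSWORD
if [ "$#" -eq 3 ]; then
    build_keystores "$@"
fi
```

If client.jks ever reports PrivateKeyEntry for its alias, the server's private key has been copied to the client rather than only its certificate.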