TLS Standard Setup

TLS requires a keystore that contains the certificates and private keys. Follow the steps below to set one up.

For instructions to include client authentication (two-way authentication), see Enabling Client Authentication.

Example - How to create a symmetric crypto key

$ keytool -keystore test.ks -storepass password -genseckey -keysize 128 -alias testkey -keyalg AES

Example - How to create a Keystore file with security contents

This example creates a Java keystore file used for both the server and client connection. The generated file contains the associated security certificate and the public and private key.

$ keytool -genkey -alias server -keyalg RSA -keystore ./server.jks

Note: Remember the password you set for the server.jks file.

Example - How to create a client-specific Keystore file

To create a client-specific Java keystore file, use the keytool command with the required options. In this example, the certificate is exported from server.jks and imported into client.jks, so the generated file is for a specific client and contains only the certificate and public key, not the private key.

$ keytool -export -alias server -keystore ./server.jks -file ./server.cer
...
$ keytool -import -alias client -file ./server.cer -keystore ./client.jks
...

Note: These commands prompt for passwords. Remember the passphrases you enter.
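
One way to check the result of the steps above (an added example, not part of the original instructions): the script reads keytool -list output and fails if a keystore meant for a client holds a private or secret key. The function names and sample listings are constructed for illustration, and keytool's default English-locale listing format is assumed.

```shell
#!/bin/sh
# Added example (not from the original page): audit `keytool -list` output so a
# keystore handed to a client carries certificates only, never key material.
# Assumes keytool's default (non -v) listing format in an English locale.

# Print "alias<TAB>entry-type" for every entry line read from stdin.
list_entries() {
    awk -F', *' '/(PrivateKeyEntry|SecretKeyEntry|trustedCertEntry), *$/ {
        print $1 "\t" $(NF-1)
    }'
}

# Exit status: 0 = only trusted certificates, 1 = key material present,
# 2 = no entries recognised (wrong file, wrong password, unexpected format).
audit_client_store() {
    entries=$(list_entries)
    if [ -z "$entries" ]; then
        echo "no keystore entries recognised" >&2
        return 2
    fi
    bad=$(printf '%s\n' "$entries" | awk -F'\t' '$2 != "trustedCertEntry"')
    if [ -n "$bad" ]; then
        printf 'key material found:\n%s\n' "$bad" >&2
        return 1
    fi
    return 0
}

# Constructed sample listings (dates and layout are illustrative).
sample_client() {
    cat <<'EOF'
Keystore type: PKCS12
Your keystore contains 1 entry

client, Jan 1, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): <placeholder>
EOF
}

sample_server() {
    cat <<'EOF'
Your keystore contains 2 entries

server, Jan 1, 2024, PrivateKeyEntry,
testkey, Jan 1, 2024, SecretKeyEntry,
EOF
}

# Real use: keytool -list -keystore ./client.jks | audit_client_store
```

Run the audit against client.jks before distributing it; a status of 1 means the file contains a key that should stay on the server.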