TLS Standard Setup

TLS requires a keystore that contains the certificates and private keys. Follow the steps below to set one up.

For instructions to include client authentication (two-way authentication), see Enabling Client Authentication.

Example - How to Create a Symmetric Crypto Key

keytool -keystore test.ks -storepass password -genseckey -keysize 128 -alias testkey -keyalg AES

Example - How to Create a Keystore File with Security Contents

The example below shows how to create a Java keystore file for both the server and client connection. The generated file contains the associated security certificate and the public and private keys.

keytool -genkey -alias server -keyalg RSA -keystore ./server.jks

Note! Remember the password you set for the server.jks file.

Example - How to Create a Client-Specific Keystore File

To create a client-specific Java keystore file, use the keytool command with the required variables. In this example, the generated file is for a specific client and contains only the certificate and public key exported from server.jks, not the private key.

keytool -export -alias server -keystore ./server.jks -file ./server.cer
...
keytool -import -alias client -file ./server.cer -keystore ./client.jks
...

Note! Execution of these commands will present password entry prompts, and you will need to remember the entered passphrase.
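
The following is an added example, not part of the original documentation: it runs the server and client keystore steps above without prompts and then checks that client.jks holds only a trusted certificate whose fingerprint matches the server's. The function names, the KS_PASS environment variable, the CN=localhost subject, the key size and the validity period are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not vendor code. Needs keytool (JDK) on PATH.
# KS_PASS must be exported by the caller; -storepass:env keeps the password
# out of the process argument list. CN=localhost is a constructed subject.

make_keystores() {   # $1 = empty working directory
    dir=$1
    # Server keystore: RSA key pair plus its certificate.
    keytool -genkey -alias server -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=localhost" -keystore "$dir/server.jks" \
        -storepass:env KS_PASS -keypass:env KS_PASS >/dev/null 2>&1 || return 1
    # Export only the certificate; the private key never leaves server.jks.
    keytool -export -alias server -keystore "$dir/server.jks" \
        -file "$dir/server.cer" -storepass:env KS_PASS >/dev/null 2>&1 || return 1
    # Import it into the client keystore as a trusted certificate.
    keytool -import -noprompt -alias client -file "$dir/server.cer" \
        -keystore "$dir/client.jks" -storepass:env KS_PASS >/dev/null 2>&1
}

entry_type() {       # $1 = keystore file, $2 = alias
    keytool -list -keystore "$1" -alias "$2" -storepass:env KS_PASS 2>/dev/null |
        grep -Eo 'PrivateKeyEntry|trustedCertEntry|SecretKeyEntry' | head -n 1
}

fingerprint() {      # $1 = keystore file, $2 = alias
    keytool -list -keystore "$1" -alias "$2" -storepass:env KS_PASS 2>/dev/null |
        sed -n 's/.*fingerprint[^:]*: *//p' | head -n 1
}

check_keystores() {  # $1 = directory holding server.jks and client.jks
    [ "$(entry_type "$1/server.jks" server)" = "PrivateKeyEntry" ] || return 1
    # The client store must hold a certificate only, never a private key.
    [ "$(entry_type "$1/client.jks" client)" = "trustedCertEntry" ] || return 1
    fp=$(fingerprint "$1/server.jks" server)
    [ -n "$fp" ] && [ "$fp" = "$(fingerprint "$1/client.jks" client)" ]
}
```

Export KS_PASS, call make_keystores on an empty directory, then check_keystores on the same directory; a zero exit status means the client keystore trusts exactly the server's certificate and carries no private key.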