TLS Standard Setup
TLS requires that you set up a keystore to contain certificates and private keys. Follow the steps below to set up a keystore.
For instructions to include client authentication (two-way authentication), see Enabling Client Authentication.
The example code below shows how to create a Java keystore file for both the server and client connection. In this example, the file will be generated containing the associated security certificate, public and private key.
Note! Remember the password issued for the server.jks file.
To create a client-specific Java Keystore file, you can use the keytool command with the required variables. In this example, the generated file will be for a specific client and contain only their certificate and public key.
Note! Execution of these commands will present password entry prompts, and you will need to remember the entered passphrase.
Example - How to Create a Symmetric Crypto Key
keytool -keystore test.ks -storepass password -genseckey -keysize 128 -alias testkey -keyalg AES
Example - How to Create a Keystore File with Security Contents
keytool -genkey -alias server -keyalg RSA -keystore ./server.jks
Example - How to Create a Client-Specific Keystore File
keytool -export -alias server -keystore ./server.jks -file ./server.cer
...
keytool -import -alias client -file ./server.cer -keystore ./client.jks
...
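The commands above leave server.jks holding the private key and client.jks holding only an imported certificate. The following added example (not part of the original page) checks that split from the text that keytool -list prints; the function names and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): check which entry types a
# keystore holds, using the text that `keytool -list` prints.
#   keytool -list -keystore ./client.jks | check_client_store

# Print "alias<TAB>type" for each entry in `keytool -list` output on stdin.
# The alias is taken as the text before the first comma on the entry line.
list_entries() {
    awk 'match($0, /, (PrivateKeyEntry|SecretKeyEntry|trustedCertEntry),/) {
        name = $0; sub(/,.*/, "", name)
        print name "\t" substr($0, RSTART + 2, RLENGTH - 3)
    }'
}

# Return 0 if the store holds only trusted certificates, 1 if it holds any
# private or secret key, 2 if no entries were recognised.
check_client_store() {
    entries=$(list_entries)
    [ -n "$entries" ] || { echo "no entries found" >&2; return 2; }
    bad=$(printf '%s\n' "$entries" | awk -F '\t' '$2 != "trustedCertEntry"')
    [ -z "$bad" ] && return 0
    printf 'key material present:\n%s\n' "$bad" >&2
    return 1
}

# Constructed samples of `keytool -list` output (dates, fingerprints made up).
sample_server() { cat <<'EOF'
Keystore type: PKCS12
Your keystore contains 1 entry

server, Jan 1, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA-256): <constructed>
EOF
}
sample_client() { cat <<'EOF'
Keystore type: PKCS12
Your keystore contains 1 entry

client, Jan 1, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): <constructed>
EOF
}

sample_client | check_client_store && echo "client.jks: certificates only"
sample_server | check_client_store 2>/dev/null ||
    echo "server.jks: holds key material"
```

Running the same check against test.ks from the symmetric key example would report a SecretKeyEntry and return 1.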