TLS Standard Setup
The TLS requires that you set up a keystore to contain certificates and private keys. Follow the steps below to set up a keystore.
For instructions to include client authentication (two-way authentication), see Enabling Client Authentication.
Example - How to create a symmetric crypto key Example - How to create a Keystore file with security contents This example code shows how to create a Java keystore file for both the server and client connection. In this example this will generate the file, containing the associated security certificate, public and private key. NOTE: Remember the password issued for the server.jks file. Example - How to create a client-specific Keystore file To create a client-specific Java Keystore file, you can use the keytool command with the required variables. In this example the generated file will be for a specific client and contain only their certificate and public key. Note: Execution of these commands will present password entry prompts, you will need to remember the entered passphrase. $ keytool -keystore test.ks -storepass password -genseckey -keysize 128 -alias testkey -keyalg AES
keytool -genkey -alias server -keyalg RSA -keystore ./server.jks
$ keytool -export -alias server -keystore ./server.jks -file ./server.cer
...
$ keytool -import -alias client -file ./server.cer -keystore ./client.jks
...