The server's keystore holds the client's public certificate, but it also contains a second private key, serverkey1, whose certificate is deliberately not imported into the client's truststore. A custom key manager is used to make the server always present serverkey. Without it, the JDK's default key manager returns the first keystore entry whose key type matches the cipher suite, and because the alias iteration order of a keystore is not guaranteed (the default manager keeps its credentials in a hash map), the server may present either key; a handshake that happens to use serverkey1 is rejected by the client.
Setup
Generate the Client and Server Keystores
- keytool -genkeypair -alias serverkey -keyalg RSA -keysize 2048 -dname "CN=localhost,OU=Organization Unit,O=Organization,L=City,S=State,C=IN" -keypass password -keystore serverkeystore.jks -storepass password
- keytool -genkeypair -alias clientkey -keyalg RSA -keysize 2048 -dname "CN=localhost,OU=Organization Unit,O=Organization,L=City,S=State,C=IN" -keypass password -storepass password -keystore clientkeystore.jks
Install the client's public certificate into the server's keystore
- keytool -exportcert -alias clientkey -file client-public.cer -keystore clientkeystore.jks -storepass password
- keytool -importcert -keystore serverkeystore.jks -alias clientcert -file client-public.cer -storepass password -noprompt
Export the Server's Public Certificate and Import it into the Client's Keystore
- keytool -exportcert -alias serverkey -file server-public.cer -keystore serverkeystore.jks -storepass password
- keytool -importcert -keystore clientkeystore.jks -alias servercert -file server-public.cer -storepass password -noprompt
Generate a new alias serverkey1
- keytool -genkeypair -alias serverkey1 -keyalg RSA -keysize 2048 -dname "CN=localhost,OU=Organization Unit,O=Organization,L=City,S=State,C=IN" -keypass password -keystore serverkeystore.jks -storepass password
- Do not import the public certificate corresponding to serverkey1 into the client's keystore; the client must trust only servercert.
Check keystore contents
- keytool -list -keystore serverkeystore.jks -storepass password
- keytool -list -v -keystore serverkeystore.jks -storepass password -alias serverkey1
- keytool -list -v -keystore clientkeystore.jks -storepass password -alias clientkey
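To exercise the alias selection described at the top of the page, the following Java program is an added example and not code from the original page. It wraps the JDK's default key manager in a FixedAliasKeyManager (a hypothetical name) that always presents the alias handed to it, then runs a mutual-TLS handshake over the loopback interface using the two keystores generated above. The file names and the password are the ones used in the keytool commands; the class names and the port choice are assumptions. With alias serverkey the client, which trusts servercert, completes the handshake; with serverkey1, whose certificate was never imported into clientkeystore.jks, the client rejects the server certificate and the handshake fails.

```java
import javax.net.ssl.*;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;

public class AliasSelectingKeyManagerDemo {

    /** Hypothetical key manager that always presents one fixed alias as the server identity. */
    static final class FixedAliasKeyManager extends X509ExtendedKeyManager {
        private final X509ExtendedKeyManager delegate;
        private final String alias;

        FixedAliasKeyManager(X509ExtendedKeyManager delegate, String alias) {
            this.delegate = delegate;
            this.alias = alias;
        }

        // Server-side selection: ignore what the default manager would pick and return our alias.
        @Override public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) { return alias; }
        @Override public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) { return alias; }
        @Override public String[] getServerAliases(String keyType, Principal[] issuers) { return new String[] { alias }; }
        // Client-side selection and key material lookups are delegated to the default manager.
        @Override public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) { return delegate.chooseClientAlias(keyType, issuers, socket); }
        @Override public String chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine engine) { return delegate.chooseEngineClientAlias(keyType, issuers, engine); }
        @Override public String[] getClientAliases(String keyType, Principal[] issuers) { return delegate.getClientAliases(keyType, issuers); }
        @Override public X509Certificate[] getCertificateChain(String a) { return delegate.getCertificateChain(a); }
        @Override public PrivateKey getPrivateKey(String a) { return delegate.getPrivateKey(a); }
    }

    /** Loads a keystore file; the JKS type also reads PKCS12 files written by newer keytool versions. */
    static KeyStore load(String path, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) { ks.load(in, pw); }
        return ks;
    }

    static SSLContext serverContext(KeyStore ks, char[] pw, String alias) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pw);
        X509ExtendedKeyManager base = (X509ExtendedKeyManager) kmf.getKeyManagers()[0];
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks); // serverkeystore.jks also holds the client's certificate (alias clientcert)
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(new KeyManager[] { new FixedAliasKeyManager(base, alias) }, tmf.getTrustManagers(), null);
        return ctx;
    }

    static SSLContext clientContext(KeyStore ks, char[] pw) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pw);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks); // clientkeystore.jks trusts only servercert, i.e. the serverkey certificate
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Runs one mutual-TLS handshake on localhost with the server presenting serverAlias. */
    static boolean handshake(String serverAlias) throws Exception {
        char[] pw = "password".toCharArray();
        SSLContext server = serverContext(load("serverkeystore.jks", pw), pw, serverAlias);
        SSLContext client = clientContext(load("clientkeystore.jks", pw), pw);

        try (SSLServerSocket ss = (SSLServerSocket) server.getServerSocketFactory()
                .createServerSocket(0, 1, InetAddress.getLoopbackAddress())) {
            ss.setNeedClientAuth(true); // mutual TLS: the server also verifies the client's certificate
            ss.setSoTimeout(5000);      // do not block forever if the client never connects
            Thread acceptor = new Thread(() -> {
                try (SSLSocket s = (SSLSocket) ss.accept()) { s.startHandshake(); } catch (IOException ignored) { }
            });
            acceptor.start();
            try (SSLSocket cs = (SSLSocket) client.getSocketFactory().createSocket("localhost", ss.getLocalPort())) {
                cs.startHandshake();
                X509Certificate presented = (X509Certificate) cs.getSession().getPeerCertificates()[0];
                System.out.println(serverAlias + ": handshake OK, server presented " + presented.getSubjectX500Principal());
                return true;
            } catch (SSLException e) {
                System.out.println(serverAlias + ": handshake failed: " + e.getMessage());
                return false;
            } finally {
                acceptor.join();
            }
        }
    }

    public static void main(String[] args) throws Exception {
        handshake("serverkey");  // certificate is in the client's truststore
        handshake("serverkey1"); // certificate was never imported: client rejects it
    }
}
```

Compile and run it from the directory that holds serverkeystore.jks and clientkeystore.jks (`javac AliasSelectingKeyManagerDemo.java && java AliasSelectingKeyManagerDemo`). Only the server-side choose methods are overridden; everything else is delegated so the wrapper does not have to reimplement private-key or chain lookup, and the client still picks clientkey through the default logic.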