Samples JDK
package-info.java
1 /**
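2  * \brief The server has the client's public certificate, but its keystore also holds an additional key, serverkey1. This key's public certificate is not imported into the client's store.
3  * Hence authentication fails on the client side whenever the server sends the certificate for serverkey1. Since the key selection is based upon the hash codes of the keys,
4  * which key gets picked is not predictable. A deterministic choice would need a custom X509KeyManager whose chooseServerAlias returns the intended alias.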
5  *
6  * <h1>Setup</h1>
7  * <h2>Generate the Client and Server Keystores</h2>
8  * <ul>
9  * <li>keytool -genkeypair -alias serverkey -keyalg RSA -dname "CN=localhost,OU=Organization Unit,O=Organization,L=City,S=State,C=IN" -keypass password -keystore serverkeystore.jks -storepass password</li>
10  * <li>keytool -genkeypair -alias clientkey -keyalg RSA -dname "CN=localhost,OU=Organization Unit,O=Organization,L=City,S=State,C=IN" -keypass password -storepass password -keystore clientkeystore.jks</li>
11  * </ul>
12  * <h2>Install the client's public certificate into the server's keystore</h2>
13  * <ul>
14  * <li>keytool -exportcert -alias clientkey -file client-public.cer -keystore clientkeystore.jks -storepass password</li>
15  * <li>keytool -importcert -keystore serverkeystore.jks -alias clientcert -file client-public.cer -storepass password -noprompt</li>
16  * </ul>
17  * <h2>Export the server's public certificate and import it into the client's keystore</h2>
18  * <ul>
19  * <li>keytool -exportcert -alias serverkey -file server-public.cer -keystore serverkeystore.jks -storepass password</li>
20  * <li>keytool -importcert -keystore clientkeystore.jks -alias servercert -file server-public.cer -storepass password -noprompt</li>
21  * </ul>
22  * <h2>Generate a second server key pair under the new alias serverkey1</h2>
23  * <ul>
24  * <li>keytool -genkeypair -alias serverkey1 -keyalg RSA -dname "CN=localhost,OU=Organization Unit,O=Organization,L=City,S=State,C=IN" -keypass password -keystore serverkeystore.jks -storepass password</li>
25  * <li>Do not import the public certificate corresponding to serverkey1 into client's keystore.</li>
26  * </ul>
27  * <h2>Check keystore contents</h2>
28  * <ul>
29  * <li>keytool -list -keystore serverkeystore.jks -storepass password</li>
30  * <li>keytool -list -v -keystore serverkeystore.jks -storepass password -alias serverkey1</li>
31  * <li>keytool -list -v -keystore clientkeystore.jks -storepass password -alias clientkey</li>
32  * </ul>
33  *
34  */
35 package com.freemindcafe.socket.ssl.sample4;