Question
I'm building a Java Client-Server application. The client will be communicating with the Server through SSL. I want to achieve that the client needs to authenticate itself. I mean use a keystore or whatever, but this topic is really new to me.
So my question would be, how can I generate a Client and a Server side Keystore (if that's what it's called) and self sign it. From here I can do the rest.
What I have:
keytool -genkeypair -alias test -keystore test.store -storepass StorePass -validity 365 -keyalg RSA -keysize 2048 -dname "CN=TestCompany Ltd., OU=TestCompany Developments, O=TestCompany Ltd., L=MyCity, S=MyState, C=HU" -storetype jks
keytool -keystore test.store -certreq -alias test -keyalg rsa -file test.csr
I think now I need to self-sign the test.csr, right? But what will this be? Should this be used on the Server or the Client side?
And there again on the server side there should be a Keystore which only contains the certificate, but not the private key? Or how does this work? :)
Thanks for any help in advance!
Answer 1:
You've generated a CSR. Certificate Signing Request. So, you need somebody to sign it. If you just want a self-signed certificate, use the -selfcert option.
On the server side you need a keystore file containing both the private key and the signed certificate, under the same alias.
On the client side you need either:
- a truststore containing the self-signed certificate, if you do that, or
- a truststore containing the CA certificate or its root, if you have it CA-signed, and Java already comes with one of these.
Source: https://stackoverflow.com/questions/23227849/client-server-ssl-communication-self-signed-certificate
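The store layout from the answer, extended to the client authentication the question asks for, as an added example that is not part of the original question or answer. `keytool -genkeypair` already wraps the new public key in a self-signed certificate, so each side's certificate is exported as-is and imported into the other side's truststore; no private key ever leaves its own keystore. Assumptions: the file names, DNs, the `localhost` SAN, the PKCS12 store type, and the `STOREPASS` variable (read through `-storepass:env` so the password stays off the command line) are all chosen for this demo.

```shell
#!/bin/sh
# Added example: keystores and truststores for mutual TLS with self-signed certs.
# All names, DNs and the demo password below are constructed for illustration.
set -eu
export STOREPASS="${STOREPASS:-changeit-demo}"   # demo value; set your own in the environment

# make_party <dir> <name> <dname> [extra genkeypair args]
# Creates <name>.keystore.p12 (private key + self-signed cert) and <name>.cer (cert only).
make_party() {
  local dir="$1" name="$2" dname="$3"
  shift 3
  keytool -genkeypair -alias "$name" -keyalg RSA -keysize 2048 -validity 365 \
    -dname "$dname" -storetype PKCS12 \
    -keystore "$dir/$name.keystore.p12" -storepass:env STOREPASS "$@"
  keytool -exportcert -rfc -alias "$name" -file "$dir/$name.cer" \
    -keystore "$dir/$name.keystore.p12" -storepass:env STOREPASS
}

# trust_peer <dir> <owner> <peer>
# Imports only the peer's public certificate into <owner>.truststore.p12.
trust_peer() {
  local dir="$1" owner="$2" peer="$3"
  keytool -importcert -noprompt -alias "$peer" -file "$dir/$peer.cer" \
    -storetype PKCS12 -keystore "$dir/$owner.truststore.p12" -storepass:env STOREPASS
}

# entry_types <store>: prints the distinct entry types held in a store.
entry_types() {
  keytool -list -keystore "$1" -storepass:env STOREPASS 2>/dev/null |
    grep -oE 'PrivateKeyEntry|trustedCertEntry' | sort -u
}

# make_mtls_stores <dir>: builds all four stores for one server and one client.
make_mtls_stores() {
  local dir="$1"
  mkdir -p "$dir"
  make_party "$dir" server "CN=localhost, O=Example Server" -ext SAN=dns:localhost
  make_party "$dir" client "CN=demo-client, O=Example Client"
  trust_peer "$dir" client server   # client verifies the server
  trust_peer "$dir" server client   # server verifies the client
}

# Run as: sh make-stores.sh ./stores
if [ $# -gt 0 ]; then make_mtls_stores "$1"; fi
```

Each JVM is then pointed at its own pair with the `javax.net.ssl.keyStore` / `javax.net.ssl.trustStore` system properties and their password counterparts. The server only demands a client certificate if it calls `setNeedClientAuth(true)` on its `SSLServerSocket`.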