Wednesday, January 21, 2015

A Straight-forward Two-way Client-Server Self-Signed Certificate using Keytool

The following set of commands will generate:

  • Two (2) .jks files: clientKeystore.jks and serverKeystore.jks
  • Two (2) .cer files: clientcert.cer and servercert.cer

Replace the following accordingly:
{FULL_PATH} - the path where you want to place all the generated files
{NUMBER_OF_DAYS} - the number of days the certificates will be valid (e.g. 2 years = 730, 5 years = 1825)
{CLIENT_STORE_PASS} - password for accessing clientKeystore.jks
{CLIENT_KEY_PASS} - password for the self-signed certificate alias myclientkey
{SERVER_STORE_PASS} - password for accessing serverKeystore.jks
{SERVER_KEY_PASS} - password for the self-signed certificate alias myserverkey
{DN} - the distinguished name, e.g. cn=Example, ou=ExampleUnit, o=ExampleOrg, c=PH

Additional details you may wish to replace:
myclientkey - alias name for client self-signed certificate
myserverkey - alias name for server self-signed certificate
clientKeystore.jks - name of the client keystore
serverKeystore.jks - name of the server keystore
clientcert.cer - name of the exported client certificate
servercert.cer - name of the exported server certificate

For more details please see: http://docs.oracle.com/javase/6/docs/technotes/tools/solaris/keytool.html


keytool -genkey -keystore {FULL_PATH}/clientKeystore.jks -alias myclientkey -keyalg rsa -keysize 2048 -dname "{DN}" -validity {NUMBER_OF_DAYS} -storepass {CLIENT_STORE_PASS} -keypass {CLIENT_KEY_PASS}

keytool -genkey -keystore {FULL_PATH}/serverKeystore.jks -alias myserverkey -keyalg rsa -keysize 2048 -dname "{DN}" -validity {NUMBER_OF_DAYS} -storepass {SERVER_STORE_PASS} -keypass {SERVER_KEY_PASS}

keytool -exportcert -keystore {FULL_PATH}/clientKeystore.jks -alias myclientkey -storepass {CLIENT_STORE_PASS} -file {FULL_PATH}/clientcert.cer

keytool -exportcert -keystore {FULL_PATH}/serverKeystore.jks -alias myserverkey -storepass {SERVER_STORE_PASS} -file {FULL_PATH}/servercert.cer

keytool -importcert -keystore {FULL_PATH}/clientKeystore.jks -storetype JKS -alias myserverkey -file {FULL_PATH}/servercert.cer -storepass {CLIENT_STORE_PASS} -keypass {CLIENT_KEY_PASS}

keytool -importcert -keystore {FULL_PATH}/serverKeystore.jks -storetype JKS -alias myclientkey -file {FULL_PATH}/clientcert.cer -storepass {SERVER_STORE_PASS} -keypass {SERVER_KEY_PASS}
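The same procedure as a non-interactive script with a verification step at the end, added here as an example and not part of the original post. It assumes a JDK keytool on PATH; the passwords and DNs are constructed sample values, and it gives the client and server distinct DNs so the server CN can match the hostname clients connect to.

```shell
#!/bin/sh
# Added example: runs the post's keytool procedure end to end, then checks that each
# keystore holds its own PrivateKeyEntry plus the peer certificate as a trustedCertEntry.
# Assumptions: keytool (JDK) is on PATH; all passwords and DNs below are made up.
set -eu

mtls_keystores() {
  dir="$1"
  days=730                                     # 2 years, as in the post's example
  cstore=client-store-pw; ckey=client-key-pw   # constructed sample passwords
  sstore=server-store-pw; skey=server-key-pw
  command -v keytool >/dev/null 2>&1 || { echo "keytool not on PATH" >&2; return 2; }
  mkdir -p "$dir"

  # 1. Self-signed key pairs. -storetype JKS keeps the store format the post uses
  #    (newer JDKs default to PKCS12 regardless of the .jks extension).
  keytool -genkeypair -storetype JKS -keystore "$dir/clientKeystore.jks" -alias myclientkey \
    -keyalg RSA -keysize 2048 -dname "cn=client01, ou=ExampleUnit, o=ExampleOrg, c=PH" \
    -validity "$days" -storepass "$cstore" -keypass "$ckey"
  keytool -genkeypair -storetype JKS -keystore "$dir/serverKeystore.jks" -alias myserverkey \
    -keyalg RSA -keysize 2048 -dname "cn=server.example.test, ou=ExampleUnit, o=ExampleOrg, c=PH" \
    -validity "$days" -storepass "$sstore" -keypass "$skey"

  # 2. Export each certificate (public part only; the private keys stay in their stores).
  keytool -exportcert -storetype JKS -keystore "$dir/clientKeystore.jks" -alias myclientkey \
    -storepass "$cstore" -file "$dir/clientcert.cer"
  keytool -exportcert -storetype JKS -keystore "$dir/serverKeystore.jks" -alias myserverkey \
    -storepass "$sstore" -file "$dir/servercert.cer"

  # 3. Cross-import so each side trusts exactly the other's certificate. -noprompt answers
  #    the "Trust this certificate?" question that would otherwise block a scripted run.
  keytool -importcert -noprompt -storetype JKS -keystore "$dir/clientKeystore.jks" \
    -alias myserverkey -file "$dir/servercert.cer" -storepass "$cstore"
  keytool -importcert -noprompt -storetype JKS -keystore "$dir/serverKeystore.jks" \
    -alias myclientkey -file "$dir/clientcert.cer" -storepass "$sstore"

  # 4. Verify entry types: own alias must be a PrivateKeyEntry, peer alias a trustedCertEntry.
  keytool -list -storetype JKS -keystore "$dir/clientKeystore.jks" -storepass "$cstore" -alias myclientkey | grep -q PrivateKeyEntry
  keytool -list -storetype JKS -keystore "$dir/clientKeystore.jks" -storepass "$cstore" -alias myserverkey | grep -q trustedCertEntry
  keytool -list -storetype JKS -keystore "$dir/serverKeystore.jks" -storepass "$sstore" -alias myserverkey | grep -q PrivateKeyEntry
  keytool -list -storetype JKS -keystore "$dir/serverKeystore.jks" -storepass "$sstore" -alias myclientkey | grep -q trustedCertEntry
}
```

On JDK 9 and later keytool prints a warning that JKS is a proprietary format; the commands still succeed. Returns 0 when both keystores verify, 2 when keytool is not installed.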
