Categories:
Audio (13)
Biotech (29)
Bytecode (36)
Database (77)
Framework (7)
Game (7)
General (507)
Graphics (53)
I/O (35)
IDE (2)
JAR Tools (102)
JavaBeans (21)
JDBC (121)
JDK (426)
JSP (20)
Logging (108)
Mail (58)
Messaging (8)
Network (84)
PDF (97)
Report (7)
Scripting (84)
Security (32)
Server (121)
Servlet (26)
SOAP (24)
Testing (54)
Web (15)
XML (322)
Collections:
Other Resources:
Create SSL Client Certificate with "keytool"
How to create an SSL Client Certificate with JDK "keytool"? I want to run a SSL socket client program that requires client authentication.
✍: FYIcenter
"keytool" from the JDK package is a nice tool to create public and private key pairs.
It also allows you that create self-sign client certificates that you can use as SSL client certificates.
Here are the steps you can follow to create SSL client certificates for testing purpose:
1. Generate a self-signed certificate as the client certificate in a keystore file:
\fyicenter>\local\jdk-1.8.0\bin\keytool -genkeypair -alias client -keystore client.jks Enter keystore password: fyicenter What is your first and last name? [Unknown]: Frank Y. Ivy What is the name of your organizational unit? [Unknown]: IT What is the name of your organization? [Unknown]: FYIcenter What is the name of your City or Locality? [Unknown]: NA What is the name of your State or Province? [Unknown]: NA What is the two-letter country code for this unit? [Unknown]: FR Is CN=Frank Y. Ivy, OU=IT, O=FYIcenter, L=NA, ST=NA, C=FR correct? [no]: yes Enter key password for <client> (RETURN if same as keystore password): fyicenter Re-enter new password: fyicenter
2. Export the client certificate as certificate file to be able to give it to server:
\fyicenter>\local\jdk-1.8.0\bin\keytool -exportcert -alias client -keystore client.jks -file client.crt Enter keystore password: fyicenter Certificate stored in file <client.crt>
3. Verify the client certificate file:
\fyicenter>\local\jdk-1.8.0\bin\keytool -printcert -file client.crt Owner: CN=Frank Y. Ivy, OU=IT, O=FYIcenter, L=NA, ST=NA, C=FR Issuer: CN=Frank Y. Ivy, OU=IT, O=FYIcenter, L=NA, ST=NA, C=FR Serial number: 12414e2f Valid from: Sun Jun 25 11:29:50 until: Sat Sep 23 11:29:50 Certificate fingerprints: MD5: C3:C7:4D:06:F5:62:91:3D:C3:25:93:2C:01:BE:EF:B5 SHA1: FF:08:6F:E1:80:C2:72:8D:81:58:21:AF:31:C2:02:AA:CB:02:A8:5E SHA256: 1B:ED:2E:B5:88:0C:8E:B6:A3:29:04:9D:15:B6:B2:C6:5A:14:AF:38:0C:... Signature algorithm name: SHA1withDSA Version: 3 ...
The client certificate is ready. To use it, you need to provide client.jks to the SSL server program, and provide client.crt to the server program.
⇒ Client Certificate Authentication Example
⇐ What Is Client Certificate Authentication
2018-06-12, 1721🔥, 0💬
Popular Posts:
How to read XML document with DTD validation from socket connections with the socket\DelayedInput.ja.. .
itextpdf.jar is a component in iText 5 Java library to provide core functionalities. iText Java libr...
JDK 11 java.base.jmod is the JMOD file for JDK 11 Base module. JDK 11 Base module compiled class fil...
What Is log4j-1.2.15.jar? I got the JAR file from apache-log4j-1.2.15.zip. log4j-1.2.15.jar is the v...
How to display XML element type information with the jaxp\TypeInfoWriter.java provided in the Apache...