Categories:
Audio (13)
Biotech (29)
Bytecode (36)
Database (77)
Framework (7)
Game (7)
General (507)
Graphics (53)
I/O (35)
IDE (2)
JAR Tools (101)
JavaBeans (21)
JDBC (121)
JDK (426)
JSP (20)
Logging (108)
Mail (58)
Messaging (8)
Network (84)
PDF (97)
Report (7)
Scripting (84)
Security (32)
Server (121)
Servlet (26)
SOAP (24)
Testing (54)
Web (15)
XML (309)
Collections:
Other Resources:
Create SSL Client Certificate with "keytool"
How to create an SSL Client Certificate with JDK "keytool"? I want to run a SSL socket client program that requires client authentication.
✍: FYIcenter
"keytool" from the JDK package is a nice tool to create public and private key pairs.
It also allows you that create self-sign client certificates that you can use as SSL client certificates.
Here are the steps you can follow to create SSL client certificates for testing purpose:
1. Generate a self-signed certificate as the client certificate in a keystore file:
\fyicenter>\local\jdk-1.8.0\bin\keytool -genkeypair -alias client -keystore client.jks Enter keystore password: fyicenter What is your first and last name? [Unknown]: Frank Y. Ivy What is the name of your organizational unit? [Unknown]: IT What is the name of your organization? [Unknown]: FYIcenter What is the name of your City or Locality? [Unknown]: NA What is the name of your State or Province? [Unknown]: NA What is the two-letter country code for this unit? [Unknown]: FR Is CN=Frank Y. Ivy, OU=IT, O=FYIcenter, L=NA, ST=NA, C=FR correct? [no]: yes Enter key password for <client> (RETURN if same as keystore password): fyicenter Re-enter new password: fyicenter
2. Export the client certificate as certificate file to be able to give it to server:
\fyicenter>\local\jdk-1.8.0\bin\keytool -exportcert -alias client -keystore client.jks -file client.crt Enter keystore password: fyicenter Certificate stored in file <client.crt>
3. Verify the client certificate file:
\fyicenter>\local\jdk-1.8.0\bin\keytool -printcert -file client.crt Owner: CN=Frank Y. Ivy, OU=IT, O=FYIcenter, L=NA, ST=NA, C=FR Issuer: CN=Frank Y. Ivy, OU=IT, O=FYIcenter, L=NA, ST=NA, C=FR Serial number: 12414e2f Valid from: Sun Jun 25 11:29:50 until: Sat Sep 23 11:29:50 Certificate fingerprints: MD5: C3:C7:4D:06:F5:62:91:3D:C3:25:93:2C:01:BE:EF:B5 SHA1: FF:08:6F:E1:80:C2:72:8D:81:58:21:AF:31:C2:02:AA:CB:02:A8:5E SHA256: 1B:ED:2E:B5:88:0C:8E:B6:A3:29:04:9D:15:B6:B2:C6:5A:14:AF:38:0C:... Signature algorithm name: SHA1withDSA Version: 3 ...
The client certificate is ready. To use it, you need to provide client.jks to the SSL server program, and provide client.crt to the server program.
⇒ Client Certificate Authentication Example
⇐ What Is Client Certificate Authentication
2018-06-12, 1320🔥, 0💬
Popular Posts:
JRE 8 rt.jar is the JAR file for JRE 8 RT (Runtime) libraries. JRE (Java Runtime) 8 is the runtime e...
How to download and install Apache XMLBeans Source Package? The source package contains Java source ...
maven-compat-3.8.6.jar is the JAR file for Apache Maven 3.8.6 Compact module. The JAR file name may ...
Java Servlet 3.0 Specification API. JAR File Size and Download Location: File name: servlet-api.jar,...
XMLSchema, Release 1.4.2, is a lightweight Java object model that can be used to manipulate and gene...