Categories:
Audio (13)
Biotech (29)
Bytecode (36)
Database (77)
Framework (7)
Game (7)
General (507)
Graphics (53)
I/O (35)
IDE (2)
JAR Tools (101)
JavaBeans (21)
JDBC (121)
JDK (426)
JSP (20)
Logging (108)
Mail (58)
Messaging (8)
Network (84)
PDF (97)
Report (7)
Scripting (84)
Security (32)
Server (121)
Servlet (26)
SOAP (24)
Testing (54)
Web (15)
XML (309)
Collections:
Other Resources:
Create SSL Client Certificate with "keytool"
How to create an SSL Client Certificate with JDK "keytool"? I want to run a SSL socket client program that requires client authentication.
✍: FYIcenter
"keytool" from the JDK package is a nice tool to create public and private key pairs. It also allows you that create self-sign client certificates that you can use as SSL client certificates. Here are the steps you can follow to create SSL client certificates for testing purpose:
1. Generate a self-signed certificate as the client certificate in a keystore file:
\fyicenter>\local\jdk-1.8.0\bin\keytool -genkeypair -alias client -keystore client.jks Enter keystore password: fyicenter What is your first and last name? [Unknown]: Frank Y. Ivy What is the name of your organizational unit? [Unknown]: IT What is the name of your organization? [Unknown]: FYIcenter What is the name of your City or Locality? [Unknown]: NA What is the name of your State or Province? [Unknown]: NA What is the two-letter country code for this unit? [Unknown]: FR Is CN=Frank Y. Ivy, OU=IT, O=FYIcenter, L=NA, ST=NA, C=FR correct? [no]: yes Enter key password for <client> (RETURN if same as keystore password): fyicenter Re-enter new password: fyicenter
2. Export the client certificate as certificate file to be able to give it to server:
\fyicenter>\local\jdk-1.8.0\bin\keytool -exportcert -alias client -keystore client.jks -file client.crt Enter keystore password: fyicenter Certificate stored in file <client.crt>
3. Verify the client certificate file:
\fyicenter>\local\jdk-1.8.0\bin\keytool -printcert -file client.crt Owner: CN=Frank Y. Ivy, OU=IT, O=FYIcenter, L=NA, ST=NA, C=FR Issuer: CN=Frank Y. Ivy, OU=IT, O=FYIcenter, L=NA, ST=NA, C=FR Serial number: 12414e2f Valid from: Sun Jun 25 11:29:50 until: Sat Sep 23 11:29:50 Certificate fingerprints: MD5: C3:C7:4D:06:F5:62:91:3D:C3:25:93:2C:01:BE:EF:B5 SHA1: FF:08:6F:E1:80:C2:72:8D:81:58:21:AF:31:C2:02:AA:CB:02:A8:5E SHA256: 1B:ED:2E:B5:88:0C:8E:B6:A3:29:04:9D:15:B6:B2:C6:5A:14:AF:38:0C:... Signature algorithm name: SHA1withDSA Version: 3 ...
The client certificate is ready. To use it, you need to provide client.jks to the SSL server program, and provide client.crt to the server program.
⇒ Client Certificate Authentication Example
⇐ What Is Client Certificate Authentication
2018-06-12, 1562🔥, 0💬
Popular Posts:
What Is poi-scratchpad-5.2.3.jar ?poi-scratchpad-5.2.3.jar is one of the JAR files for Apache POI 5....
JDK 17 jdk.compiler.jmod is the JMOD file for JDK 17 Compiler tool, which can be invoked by the "jav...
iText is an ideal library for developers looking to enhance web- and other applications with dynamic...
What Is XMLBeans xbean.jar 2.6.0? XMLBeans xbean.jar 2.6.0 is the JAR file for Apache XMLBeans 2.6.0...
What Is javaws.jar in JRE (Java Runtime Environment) 8? javaws.jar in JRE (Java Runtime Environment)...