
🪪TLS Certificates

Java Stores

There are two keystore files used in Java:

  • Key Store: These files contain certificates together with their private keys, which the holder uses to authenticate itself. Certificates can be server certificates (e.g. www.acme.com), intermediate certificates or client certificates (e.g. john.doe@acme.com).

  • Trust Store: These files contain public certificates of trusted identities. Certificates are trusted root certificates (e.g. Verisign, Microsoft, etc.), intermediate certificates or trusted server and client certificates. A default file (usually named cacerts with the default password changeit) is shipped with the JVM.

Create Self Signed Certificate

openssl req -x509 -newkey rsa:2048 -sha256 -keyout key.pem -out cert.pem -days 365 -nodes

Convert PEM certificate to P12

openssl pkcs12 -export -in cert.pem -inkey key.pem -out certificate.p12

Create JKS file from P12 certificate

keytool -importkeystore -srckeystore certificate.p12 -srcstoretype pkcs12 -destkeystore keyfile.jks

Add Client Certificate to JKS file

keytool -import -trustcacerts -file clientcert.pem -keypass clientCertPass -storepass keyfilePass -keystore keyfile.jks

Display Content of JKS file

keytool -list -v -keystore keyfile.jks

Simple TLS Server

openssl s_server -key key.pem -cert cert.pem -accept 443

TLS Connection Test

openssl s_client -connect hostname:443
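
The key store / trust store split and the PEM to P12 step above, as an added shell example that is not part of the original page: it checks that a private key belongs to its certificate before bundling them, and checks a certificate against a trust anchor file. The function names, the CN=localhost subject and the P12_PASS variable are assumptions made for the example.

```shell
#!/bin/sh
# Added example: function names, subject and demo password are constructed assumptions.
P12_PASS="${P12_PASS:-demo-only-password}"   # constructed; override via the environment
export P12_PASS                              # openssl reads it as env:P12_PASS, not from argv

# Create a throwaway self-signed pair (key.pem, cert.pem) in directory $1, non-interactively.
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 365 \
        -subj "/CN=localhost" -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Key-store side: succeed only if private key $1 belongs to certificate $2,
# by comparing the public key derived from the key with the one in the certificate.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Trust-store side: succeed only if certificate $1 verifies against the anchors in PEM file $2.
trusted_by() {
    openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# Bundle key $1 and certificate $2 into PKCS#12 file $3, refusing a mismatched pair.
build_p12() {
    key_matches_cert "$1" "$2" || { echo "key does not match certificate" >&2; return 1; }
    openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" -passout env:P12_PASS
}
```

A self-signed certificate verifies only against itself as the anchor, which is why it has to be imported into the client's trust store before a verified connection succeeds.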
